netpipe November 20, 2025

The name “MD5” or “SHA-1” is already permanently tainted

Even if someone tried to release:

“MD5-fixed”

“SHA-1+”

“SHA-1.1”

No security professional would trust it.

Once a hash is proven structurally flawed, its brand is dead forever.

❌ 2. MD5 is broken

MD5 was designed in 1992. By the early 2000s:

Flaws were found in the core compression function.

These allowed researchers to apply differential cryptanalysis, studying how small bit changes propagate through MD5's internal rounds.

The result:

In 2004, collisions were generated in under a minute.

By 2007, attackers could craft chosen-prefix collisions, meaning two files that begin with completely different, attacker-chosen content yet share the same MD5 hash.

In 2012–2013, researchers forged TLS certificates by exploiting MD5 weaknesses.

Why?

Because MD5’s internal mixing steps were mathematically weak and allowed predictable patterns.

❌ 3. SHA-1 is also broken

SHA-1 (1995) was better than MD5, but shared similar structural vulnerabilities.

In 2017, Google and CWI Amsterdam created the first public SHA-1 collision (“SHAttered”).

It cost about $100k in cloud GPUs — extremely cheap for a state-level attacker.

The problem again:

SHA-1’s internal design allowed differential attacks that reduce the cost of finding a collision well below the ideal generic (birthday) bound for a 160-bit hash:

Should require: 2⁸⁰ operations

Actually required: 2⁶¹ operations (as of best attacks)

That is an astronomically huge difference.
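To make the "should require" figure concrete, here is an added example (not part of the original post) that runs the generic, structure-free birthday search against SHA-1 truncated to a small width, counts how many inputs it takes, and compares that with the ideal bound; the inputs b"msg-<n>" are constructed for the demo. The same idea scales to the 2⁸⁰ bound for the full 160-bit output, which is what differential attacks on SHA-1's internals beat.

```python
import hashlib
import math


def birthday_expected_tries(bits: int) -> float:
    """Expected number of random inputs before the first collision in an
    ideal `bits`-bit hash: about sqrt(pi/2 * 2**bits). For SHA-1's 160-bit
    digest this is on the order of 2**80, the 'should require' figure."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def attack_speedup(ideal_bits: int = 80, actual_bits: int = 61) -> int:
    """How many times cheaper the best known attack is than the generic bound."""
    return 2 ** (ideal_bits - actual_bits)


def truncated_sha1(msg: bytes, bits: int) -> bytes:
    """SHA-1 digest cut down to `bits` (a multiple of 8) so a collision is
    reachable in seconds; the full 160-bit search would be infeasible."""
    return hashlib.sha1(msg).digest()[: bits // 8]


def find_truncated_collision(bits: int = 32):
    """Generic birthday search: hash constructed inputs b'msg-<n>' until two
    different ones share a truncated digest. Knows nothing about SHA-1's
    internals, so the cost is governed purely by the output width.
    Returns (input_a, input_b, number_of_hashes_computed)."""
    assert bits % 8 == 0, "demo truncates on byte boundaries"
    seen = {}
    n = 0
    while True:
        msg = b"msg-%d" % n
        tag = truncated_sha1(msg, bits)
        if tag in seen:
            return seen[tag], msg, n + 1
        seen[tag] = msg
        n += 1


if __name__ == "__main__":
    bits = 32
    a, b, tries = find_truncated_collision(bits)
    print(f"{bits}-bit truncated SHA-1 collision: {a!r} vs {b!r}")
    print(f"found after {tries} hashes; birthday bound predicts "
          f"~{birthday_expected_tries(bits):.0f}")
    print(f"for full SHA-1: ideal 2^80 vs best attack 2^61, "
          f"a {attack_speedup():,}x speedup for the attacker")
```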
