It's a HASH, for crying out loud. It's not meant to be provably perfect at identifying unique data streams.

• It is clear that the MD5 digest cannot be unique for every data stream, since it is potentially far shorter than the original data;
• It is clear that an endless variety of data streams will have the SAME digest, because you can construct pretty much any data stream you want;
• It is clear that some yahoo might even be able to make a couple of "falsified" data streams which produce the same MD5 hash;
• It is clear that the MD5 hash is as mathematically valid as it ever has been, since the algorithm hasn't changed at all.

Say you were expecting message M, with hash H. You instead get message N which also happens to hash to H.

• If you were expecting M to be about 20 MB, what's the chances of N being exactly, or even approximately the same size?
• If you were expecting M to be a tarball or other application data, what's the chances of N being uncompressable or otherwise parsable? That is, the falsified data also happens to conform to the protocol?
• If you were expecting M to be executable, what's the chances of N being executable? That is, no introduction of obviously broken execution flaws?

You're worried about MD5 digests for showing falsification of data, right? Where some attacker alters the message? I contend that it will be pretty darned hard to find a useful attack on a message while maintaining MD5 integrity.

To Allied Commanders:
Raiders Expected on Supply Lines in Sector 5.
Keep on guard.
--HQ
[download]

To Allied Commanders:
No Raids Reported on Supply Lines for Sector 5, 6, or 8.
Let Freedom Reign.
--HQ
[download]

Until someone shows that you can (1) take any arbitrary data set M, (2) falsify it to data set N, by (3) modifying a limited portion of M in an application-useful way and (4) adding less than a gigabyte of additional data, and (5) still come out with M=>H and N=>H hash equivalence, I'll trust MD5, thanks.