On a more serious note, as I stated in the security issues section of the MD5 draft, there has been some progress of late on the cracking of MD5. Its still rudimentary, but it has been made. Given that there are legitimate cryptographic concerns about MD5 itself, should we be looking at SHA (mark 2 :-) as the mandatory base transform rather than MD5? .pm