Comment 3 for bug 1348339

The only current known weakness in MD5 is a hash collision--the ability for an attacker to pick (with some effort) two inputs which hash to the same value. In what way do you see this posing a risk to Trove's use of MD5 for stream validation?

Also, I agree with your bug description calling this out specifically as a hardening measure, something for which we should not issue a security advisory.