(1) This is very old news.<p>(2) If you are using MD5 OR SHA1 directly in any way, you almost certainly have systems problems that are much scarier than Xiaoyung Wang's attack.<p>If you're doing things right, this stuff shouldn't make any difference.
I am not a PS guru. All of that is gibberish to me. I think this is what is going on:<p>1) There is a single source file foo.ps
2) Since PS is interpreted, there is a statement like:
if(filename=="recommendation.ps") { show_recommendation(); }
else { show_give_security_clearance(); }<p>This attack will work on no matter what hash you use because it uses social engineering (i.e., laziness - no one looks inside their PS files)<p>I think so anyway...
I'm taking a computer forensics class, and the professor is an active policeman who does computer forensics. They make a lot of use of hashes in computer forensics - they use hashes to determine if evidence has been tampered with. He's spoken about this - he's aware of the possibility of hash collisions, but he does not believe anyone could practically use them in a real attack.