by kmeisthax 902 days ago
If you could just throw anyone who forged a digital signature in prison, you'd keep using MD5, too.

The reason why people like us keep changing everything for security is specifically because we have no access to justice. Computer crimes are international and difficult to prosecute, so you might as well drop an algorithm like a hot potato if anyone - even just nation state actors - could break it. We build our rules out of code because we do not have access to the material they make laws out of.

That being said, continuing to use MD5 is utterly inexcusable.

2 comments

Yes, this is a thing. My arguments have been shot down with a handwaving several times. "But that would be a crime so then we call our lawyers". Feels like it would be cheaper to just use something secure than to pay a lawyer :-)
If someone commits a crime, it's not the victim of the crime that has to pay for the lawyer to prosecute them.
Kim Jong Un is not going to make a bank transfer out of North Korea to pay for your lawyers after they hacked you.
Exactly
Would have upvoted except for that last sentence. There is no such thing as a perfectly good airplane, at least as long as "perfect" means flawless rather than good enough. Granted, there is a whole dance for accepting the risk from known defects (that's the whole point).