Hacker News
by chias 902 days ago
It's worth noting that there are no known attacks against MD5 HMACs, which look identical to MD5 hashes.
1 comments

Quantum computers will severely break MD5 and SHA-1, so they'd be broken even if they are used with HMAC. Use SHA2-256 unless you need quantum-resistant collision resistance, in which case you should use SHA2-384. Use HMAC-SHA2-* with a 256-bit key if you want to prevent length extension attacks.
"Severely break" is a bit of an overstatement.

It will make a speedup, but it's not like Shor's algorithm - you need a really powerful quantum computer before MD5 comes under threat.

But to be clear: MD5 is broken, do not use.