[tedunangst]

Has anyone said "just use MD5" to someone who wasn't about to use CRC32 instead?

[drdaeman]

Doubt about this exact case, but I've seen MD5 being (ab)used in a really weird ways, which I attributed to mindless "oh, I'll just use MD5 here, heard it's good for security!"

One particular case I remember was use of md5(md5(md5(unix_timestamp()))) to generate "secure" session tokens.

[tptacek]

That scheme would be insecure even if it was SHA3(SHA2(SHA1(unix_timestamp()))