De-compilation is at best a violation of your license to use the library, forfeiting your ability to use it, and at worst could be a violation of the anti-circumvention clause of the DMCA, which could land you in court or in jail.
And here's (http://cryptography.hyperlink.cz/md5/MD5_collisions.pdf) a paper demonstrating a technique for finding MD5 collisions quickly: eight hours on 1.6 GHz computer.
There are collisions. It is possible with MD5 to create a hash for two completely different files. Read Schneier's blog.
Incorrect. Read Schneier's blog, which I included in my post. It is broken for file hashing.
From the article:
"MD5 hash values are a cornerstone of computer forensics and fully accepted as evidence that two files are identical copies of each other. You could claim that you didn’t download the song from the file sharing network because you were the one who uploaded it, but I doubt that will help your legal predicament."
The MD5 hash has been known insecure since at least 2005. See: http://www.schneier.com/blog/archives/2005/06/more_md5_collis.html. I seriously doubt any computer forensics expert in 2011 would use MD5 hashes as evidence that two files are identical.