So SHA-1's a no go too now huh? IT security is always a cat and mouse game: better locks beget better lockpickers and the gift goes on. Kind of like securing a game console
I imagine there's a slew of hash algorithms out there. I think I recall a SHA-256 (I believe they're all in the command line MD5 deep/sha1 deep series). Increasing the key length with the same algorithm only affords you so much though.
I saw a MD5 collison once when I took a Foundstone Forensics class. They had two different exe's, of different file sizes, which produced different output, and had different filenames. However when you ran them through MD5 the hashes were the same.
They didn't say exactly how they did it, but they did admit it requires a considerable amount of computing power. These guys dork out on that kind of thing, but I suppose we can say that producing these collisions at present takes the capital of a company the size of McAfee...or some mobster who manages to pay off or otherwise coerce a guy who works there.
This is a cool exe BTW, and I agree MD5 is suitable. What did you write it in?