Fatally weak MD5 function torpedoes crypto protections in HTTPS and IPSEC MD5 and its only slightly stronger SHA1 cousin put world on collision course.

Researchers from the INRIA institute in France have devised several attacks which prove that the continued support for MD5 in cryptographic protocols is much more dangerous than previously believed.

Oracle says that starting with April 18, 2017, Java (JRE) will treat all JAR files signed with the MD5 algorithm as unsigned, meaning they'll be considered insecure and blocked from running.