The article claims that there are no known md5 collisions. This is plain false. There are known collisions since 2004 and known windows executables with the same md5 hash since 2005.
Nobody competent would disagree; SHA2 is better than SHA1, use SHA2.
But in the real world, these distinctions matter a lot. Protocols fielded using SHA1 to glue together crypto primitives are unlikely to broken soon (often for the simple reason that they're used in hardened constructs like HMAC). Again: I don't even think there's a tractable way to break an otherwise sound protocol using HMAC-MD5 using MD5 flaws, today.
It all depends on the context. Bare MD5 is probably fine as a mixing function for an RNG. It's probably (I haven't thought this through carefully) also fine for a stretched password hash. But should MD5 be one of your go-to functions? Of course not.
Should SHA-1? Well, let me put it to you this way: if you contracted my company to assess your application and we found you using SHA-1 somewhere, we by default would not be able to write you up for it. It wouldn't actually be a vulnerability. (If you asked us specifically to review your crypto for best practices compliance, we would of course recommend you change it).
From the title, I expected an illustrated comparison of different hash algorithms. The linked article is more of an illustrated explanation of some basic properties of hash operations, and how hashing differs from encryption.
It really amazes me how well md5 has stood up to preimage attacks. It's obviously broken against collision attacks, but 2 123 is not that far from the brute force of 2 128. It's almost 20 years old now, and has been under intense scrutiny for much of that time due to its popularity. Way to go Ron Rivest.
The windows executables were constructed|discovered by a founder of the company I work for. Here is the relevant link: http://corelabs.coresecurity.com/index.php?module=Wiki&a...