Today while proctoring the CS211 final exam, I was talking to another one of the TAs about cryptology, and we eventually got around to talking about secure hashes, and the so-called “1-way functions” that people so desperately desire to find. He told me an anecdote about how a place he once worked at used the low quarter bits from the md5 of images to identify a url. Fairly standard practice, since collisions are extremely rare and security not important, and an “almost unique” url would get made. However, their company fell under lawsuit by some other web company holding a patent for “uniquely identifying web objects via url by md5 hash.”
Rather than get the patent thrown out, they contested on a technicality of the patent–the uniqueness condition, claiming that because they truncate the md5 they have collisions in their web objects. Now, this is before the recent md5 collision research, which would have made stuff much easier for them, so they ended up spending the whole weekend permuting pixels of an image until they found an md5 that equaled another of their images. Moral of the story? Software patents are ridiculous.