Broken in the cryptographic sense; we found some faster way of generating collisions than brute-force. Obviously, if I'm hashing several KB into a 160-bit number, a collision with any particular result will occur one in 2^160 times by blind luck. If I'm just looking for two things with the same hash (not matching a given one), I'll only need around 2^80 tries. Any method that actually gives you collisions faster than random guessing is considered "broken"; although it's not yet feasible to crack it, it's not as secure as a simple bit-count would suggest. I don't think it's an issue here, though. (And I'm no cryptographer either; I know just about enough to read blogs by people who understand the journals and try to put it in lay terms.)

And by the way, thanks for taking the initiative on this project; I think it's going to be very useful, and my hat's off to you for coming up with ideas and working on it, while the rest of us are just spouting off ideas. (It's come up a couple times before, I even half-jotted some pseudo-code for some scripts to accomplish it, but nobody really dug in seriously like you're doing.)
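The 2^160 versus 2^80 arithmetic in the post above, scaled down so it runs in seconds, as an added example that is not part of the original post. It assumes SHA-1 truncated to its top 16 bits as a stand-in for a full 160-bit hash; the function names and sample messages are constructed for illustration.

```python
import hashlib
from itertools import count


def truncated_sha1(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-1(data) as an integer (a toy-sized hash)."""
    digest = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return digest >> (160 - bits)


def find_collision(bits: int):
    """Find ANY two distinct messages with the same hash.

    Every new hash is compared against all earlier ones, so a repeat
    shows up after roughly 2^(bits/2) tries (the birthday bound).
    """
    seen = {}  # hash value -> message that produced it
    for tries in count(1):
        msg = b"collide-%d" % tries  # constructed sample messages
        h = truncated_sha1(msg, bits)
        if h in seen:
            return seen[h], msg, tries
        seen[h] = msg


def find_match(target: bytes, bits: int):
    """Find a different message matching ONE GIVEN hash.

    Each try is compared against a single fixed value, so this needs
    roughly 2^bits tries: plain brute force.
    """
    wanted = truncated_sha1(target, bits)
    for tries in count(1):
        msg = b"match-%d" % tries  # constructed sample messages
        if msg != target and truncated_sha1(msg, bits) == wanted:
            return msg, tries


if __name__ == "__main__":
    bits = 16
    a, b, n = find_collision(bits)
    print(f"any collision: {a!r} / {b!r} after {n} tries (2^{bits // 2} = {2 ** (bits // 2)})")
    m, k = find_match(b"constructed sample message", bits)
    print(f"match a given hash: {m!r} after {k} tries (2^{bits} = {2 ** bits})")
```

The try counts vary with the messages used, but the first stays near 2^8 and the second near 2^16; a hash is called "broken" when some method beats the first figure.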