Problem is, ANY checksum algorithm can gen has collisions. ANY. It's harder with a 256 bit checksum, that is all. AND, MD5Sum IS a 256 bit hash as used right now. PGP uses a variant of it, also. 512 bit checksum will probably come into play for many software integrity checks, and IS used for comm security and possibly some file verification security at government level now. NERO uses MD5Sum to validate burns. BTW, there are two ways to use MD5Sum for evaling files. One is to checksum each file, AND the overall archive. Modern linux does hits, with the person burning responsible for chacking the MD5Sum of the ISO file before and after burning (overall) and the installer (if this is a Linux RPM package installation for instance), is responsible for checking:

An MD5Sum checksum by RPM file, and;
A security signature by RPM file (PGP plus MD5 special hash).

Only way to make this tighter, is in the archive headers themselves to have MD5Sums for each file in the RPM, and cross check headers agains a md5sum of each file as extracted. Some RPM-Based Linuxes do THAT in latest version also. If all do not check, you have to override the install to make it happen. EVERY time I have done this, I have gotten to fix SOMETHING.

How do you eliminate a single-layer collision-type penetration?? Make it MULTILAYER, and require an ALL Layers match at install time and not just a single check of archive and the burned archive itself. It's very, very, hard to get synchronous multilayer identicals in a hash collision exploitation scenario.