Right, the more complex the algorithm the more difficult it is to have a collision. Early this year Google said they had generated a collision using SHA-1(28). IIRC MD5 collisions existed around 2005.
Funny thing is how "low" a priority this is according to brrowsers... my FF27 still allows a MD5 key to be set! In fact, there are only 2 true SHA256 keys with Foreward Secrecy, and a third without FS. When I ran FF45.8esr many poor algorithms were still included/available.
Regards
8Geee