> Because although it's relatively easy to locate collisions with MD5, it's still tricky to perform a preimage attack against an MD5 hash
Not *that* hard. You could do it in 2008 in about 3 days with a lab of 200 Playstation 3's:
These days you can probably do it on EC2 with a bunch of GPU instances and spot pricing.
> many repos also offer SHA1 hashes as a secondary method, and it would be a computationally astronomical feat to be able to succesfully second-preimage attack an ISO that has BOTH an MD5 AND an SHA1 hash.
SHA1 has not been broken in this way (yet) - so surely this should be the primary method, not the secondary. Better still, just use SHA256, as there are indications SHA1 is also close to compromise.