While this involves computing power not accessible to all of us, I had already read some of this stuff and the article on the practical case of creating a rogue CA, compromising the entire https security.
http://www.win.tue.nl/hashclash/rogue-ca/
They describe the process in detail, which includes interesting stuff not only to learn some of the md5 details but also the https / PKI workings, for those who haven't explored it before.
Using 200 PS3 machines, they could generate during one weekend 3 or 4 collisions, and after some tries reportedly succeeded in creating a certificate that any browser would accept as a legitimate CA
A fun read indeed.