Denial of service vulnerabilities have been found in hashes underpinning host of web applications including those offered by Google, Microsoft, Yahoo and those based on Java among scores of others.