A good hash function has the following properties:

Given a hash of a message it is computationally infeasible for an attacker to find another message such that their hashes are identical.

Given a pair of message, m' and m, it is computationally infeasible to find two such that that h(m) = h(m')

The two cases are *not* the same. In the first case, there is a pre-existing hash that you're trying to find a collision for. In the second case, you're trying to find *any* two messages that collide. The second task is significantly easier due to the birthday "paradox."

Where performance is not that great an issue, you should always use a secure hash function. There are very clever attacks that can be performed by forcing collisions in a hash. If you use something strong from the outset, you'll secure yourself against these.

Don't use MD5 or SHA-1 in new designs. Most cryptographers, me included, would consider them broken. The principle source of weakness in both of these designs is that the second property, which I outlined above, does not hold for these constructions. If an attacker can generate two messages, m and m', that both hash to the same value they can use these messages against you. SHA-1 and MD5 also suffer from message extension attacks, which can fatally weaken your application if you're not careful.

A more modern hash such as Whirpool is a better choice. It does not suffer from these message extension attacks and uses the same mathematics as AES uses to prove security against a variety of attacks.

Hope that helps!