The attacks target weaknesses in the hash algorithms that permit multiple hash collisions to take place.
Ruby On Rails, Mozilla and others have moved to a new hash built by the researchers who found the hole. Java has not."
Link to Original Source
Make it right before you make it faster.