Why use SHA-512? Because it is the currently generally-believed-to-be most secure hash algorithm.
IMHO, when designing a new protocol/system/etc., one of the goals of the design should be to build for the future as much as possible and as much as practical. That means, for example, making things extensible, and avoiding having to change things in the future. Even though there may not be any currently known attack for generating a malicious Zip file, the known weaknesses in MD5 indicate that it can't be trusted for much longer. In fact, US-CERT says that you "should avoid using the MD5 algorithm in any capacity." (emphasis mine)
Also, regarding building for the future, even though you say that its intended purpose is as a control checksum rather than a cipher, unless you are absolutely certain that nobody will think that it's a good idea to also have a cipher, if you're choosing to use a cryptographic hash function anyways, why not use a stronger one that can be used for both purposes? You say that you don't think that hackers would waste their time trying to build a malicious Zip file, but with Moodle being one of the most popular VLEs, and with more companies and institutions investing in VLEs, and with things such as people using the same password for multiple sites, Moodle could very well be a tempting target.
IMHO, when someone says "hash", one's first thought, barring any other constraints or considerations, should be the current best hash algorithm, which is currently generally agreed to be SHA-512. Some possible constraints or considerations are:
- hash size: in some cases (e.g., if many hashes are used and/or if the data is small), a large hash size may cause too great of an overhead. But this isn't the case in this situation, since the hash size is many, many times smaller than the ZIP file.
- speed: one hash algorithm may be faster than another, and if many hashes are calculated, this may be an issue. But in this case, a hash is only calculated occasionally, so this is not an issue.
- availability of implementation: in some cases, the current-best hash algorithm might not be readily available in the target system. But in this case, PHP 5.3 already includes SHA-512 support, so this is not an issue.
Given that no other issues are, IMHO, relevant, the remaining distinguishing feature for hashes is the security, and in this regard, SHA-512 is the clear winner. Even if you think that SHA-512 is overkill, at least use SHA-256, or even SHA-1.
Another thing that I would like to point out is that by using MD5, you may be encouraging others, who might not know better, to do the same. "If it's good enough for Moodle, it's good enough for me." We should be setting an example of migrating away from MD5 wherever possible, rather than encouraging its use.
As I see it, there is simply no reason to use MD5 here, especially since it is just a one-line change. (Well, OK, two lines -- one line on the server, and one line on the client.)
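The extensibility argument above, as an added example that is not part of the original comment and not Moodle code: a checksum tagged with its algorithm name lets the server move to a stronger hash later without changing the client, while the client refuses MD5. The function names, the `algo:hex` tag format and the sample file are assumptions for illustration; the code assumes PHP 7 or later.

```php
<?php
// Added example (not Moodle code): verify a downloaded ZIP against a
// checksum tagged with its algorithm, e.g. "sha512:<hex digest>".
// Function names and the tag format are assumptions for illustration.

// Algorithms the verifier accepts. MD5 is deliberately absent.
const ACCEPTED_ALGOS = ['sha512', 'sha256'];

function compute_tagged_checksum(string $path, string $algo = 'sha512'): string
{
    if (!in_array($algo, ACCEPTED_ALGOS, true) || !in_array($algo, hash_algos(), true)) {
        throw new InvalidArgumentException("Unsupported hash algorithm: $algo");
    }
    $digest = hash_file($algo, $path);   // streams the file, lowercase hex
    if ($digest === false) {
        throw new RuntimeException("Cannot read $path");
    }
    return $algo . ':' . $digest;
}

function verify_tagged_checksum(string $path, string $expected): bool
{
    $parts = explode(':', strtolower(trim($expected)), 2);
    if (count($parts) !== 2) {
        return false;                     // untagged (legacy) value: reject
    }
    list($algo, $hex) = $parts;
    if (!in_array($algo, ACCEPTED_ALGOS, true)) {
        return false;                     // e.g. "md5:..." is refused
    }
    $actual = hash_file($algo, $path);
    // hash_equals() (PHP 5.6+) compares in constant time.
    return $actual !== false && hash_equals($actual, $hex);
}

// Constructed sample input: a temp file standing in for the ZIP package.
$zip = tempnam(sys_get_temp_dir(), 'pkg');
file_put_contents($zip, "constructed sample bytes, not a real ZIP");

$published = compute_tagged_checksum($zip);            // server side
var_dump(verify_tagged_checksum($zip, $published));    // client side
var_dump(verify_tagged_checksum($zip, 'md5:' . md5_file($zip)));

file_put_contents($zip, "tampered", FILE_APPEND);
var_dump(verify_tagged_checksum($zip, $published));
unlink($zip);
```

The three calls cover a matching SHA-512 checksum, a correct but MD5-tagged checksum that the allowlist rejects, and a file modified after the checksum was published.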