SHA-1 is Really Dead Now

Matt Green:

In crypto we have the idea that hash function collisions should be really hard to find, even if they're 'useless'. [...] [A real-world collision attack] is the equivalent of finding out that your scalpel wasn't sterilized properly. It may not verifiably have germs on it, but the whole instrument is considered unsafe.

We knew it was coming. At barely $110.000 to achieve it is truly here. It would be wise to move to SHA-3 as soon as possible. Especially when designing new software.

Via Ars Technica.