New Cryptanalytic Results Against SHA-1
But an attack that's faster that's faster than 2^64 is a significant milestone. We've already done massive computations with complexity 2^64. Now that the SHA-1 collision search is squarely in the realm of feasibility, some research group will try to implement it. Writing working software will both uncover hidden problems with the attack, and illuminate hidden improvements. And while a paper describing an attack against SHA-1 is damaging, software that produces actual collisions is even more so.
The story of SHA-1 is not over. Again, I repeat the saying I've heard comes from inside the NSA: "Attacks always get better; they never get worse."
The link for this article located at Schneier on Security is no longer available.