SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing.
This attack builds on previous attacks on SHA-0 and SHA-1, and is a major, major cryptanalytic result. It pretty much puts a bullet into SHA-1 as a hash function for digital signatures (although it doesn’t affect applications such as HMAC where collisions aren’t important).
What he said. Major, major cryptoanalytic result. The U.S. government, via NIST, planned to phase out SHA-1 by 2010 anyway. I imagine this will speed things up a bit:
…due to advances in technology, NIST plans to phase out of SHA-1 in favor of the larger and stronger hash functions (SHA-224, SHA-256, SHA-384 and SHA-512) by 2010.
MD5 was partially broken months ago. These are interesting times we live in.