So. A little more on the previous post. Keep in mind this is an 4th year undergrad talking, with half a course in Cryptography under his belt.

SHA-1 is a cryptographic hash function. This devlopment reduces the number of operations required to find a collision from 2^80 (which is unfeasible) to 2^69, meaning it would no longer be considered 2nd preimage resistant. Now, that may not seem like a lot, but consider this: if it took 39 years before, at 2^80 operations, now it takes less a week - I'm not sure how long it actually takes; I'm illustrating a point. Remember, 2^11 is a lot, especially when you're multiplying something already huge by it.

What does this mean to you? Any password systems using SHA-1 are less secure - normally, a hash of your password is stored rather than your password itself, since otherwise the admin can get it. But now, assuming they have access to the hashed value, they can get something that, while it may not be your password, will get them into whatever you've password protected. 2^69 operations is still a lot of effort, so while it is LESS secure, your passwords can probably still be considered pretty safe. But digital signatures using SHA-1 should be treated as crap, since everyone's got access to the hashed value (that's the point!), and thus can use a dummy key to fake the signature. Using something like SHA-512, which has a much longer key length, will help restore the security for now; but now that we know that we can do better than brute force, the question becomes how MUCH better can we do? The SHA family's days could be numbered, depending on what other smart people can do with it.

Of course, this also requires getting the paper, which is from researchers at Shandong University in China. They're reputable, since they've done this before with MD5 (also a hash function), and because Bruce Schneier says so. But I AM really looking forward to getting my hands on the paper. We'll see when we get it.