"Exploit Fully Breaks SHA-1, Lowers the Attack Bar"

Researchers from INRIA in France and the Nanyan Technological University in Singapore developed a proof-of-concept attack that is capable of breaking the Secure Hash Algorithm-1 (SHA-1) code-signing encryption. The exploit developed by Gaetan Leurent and Thomas Peyrin is said to be less complicated and expensive than previous PoC attacks on SHA-1, lowering the level of complexity for attackers. The attack leaves users of GnuPG, OpenSSL, and GIT in danger as they still support SHA-1 in some way. This article continues to discuss the continued use of SHA-1 despite efforts to phase the cryptographic function out and the latest PoC attack on SHA-1. 

Threatpost reports "Exploit Fully Breaks SHA-1, Lowers the Attack Bar"