While this attack reduces SHA-1 from strength 2^80 to 2^69 and 2^69
operations is still unreachably much, likelihood seems high that someone
will improve this attack once the paper has been released.
Should we phase out SHA-1? But in favour of what?
This also means that DSA/DSS is broken (a downgrade attack becomes
possible). Should we return to suggesting RSA as signature algorithm?
Description: PGP signature