A major encryption algorithm cracked

This just in from crypto guru Bruce Schneier:

SHA-1 Broken

SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing.

This is a favorite subject of mine, partly because the couple of years I spent with distributed.net, partly from the extreme math/geek factor of crypto algorithms. (I read Schneier's book cover-to-cover, for fun.) A little background from the paper written by the researchers:

One-way hash functions are a cryptographic construct used in many applications. They are used in conjunction with public-key algorithms for both encryption and digital signatures. They are used in integrity checking. They are used in authentication. They have all sorts of applications in a great many different protocols. Much more than encryption algorithms, one-way hash functions are the workhorses of modern cryptography.

So how big a deal is this in a practical sense?

For the average Internet user, this news is not a cause for panic. No one is going to be breaking digital signatures or reading encrypted messages anytime soon. The electronic world is no less secure after these announcements than it was before. ... Jon Callas, PGP's CTO, put it best: "It's time to walk, but not run, to the fire exits. You don't see smoke, but the fire alarms have gone off." That's basically what I said last August.

The full story is in Schneier's blog, full of other tidbits I find juicy.