
PGP keys, software security, and much more threatened by new SHA1 exploit - furcyd
https://arstechnica.com/information-technology/2020/01/pgp-keys-software-security-and-much-more-threatened-by-new-sha1-exploit/
======
mzs
SHA-1 is a Shambles First Chosen-Prefix Collision on SHA-1 and Application to
the PGP Web of Trust Gaëtan Leurent and Thomas Peyrin

[https://eprint.iacr.org/2020/014.pdf](https://eprint.iacr.org/2020/014.pdf)

>identical-prefix collisions can now be computed with a complexity of 2^61.2
rather than 2^64.7, and chosen-prefix collisions with a complexity of 2^63.4
rather than 2^67.1. When renting cheap GPUs, this translates to a cost of 11k
US$ for a collision, and 45k US$ for a chosen-prefix collision

