SHA-1 has been broken - Journal of Omnifarious

May. 10th, 2009

04:02 am - SHA-1 has been broken

It's sort of been broken for a while. There were some attacks on it that were cheaper to perform than you'd expect given its 160-bit hash length, but they were still not in the practical range for current computing hardware. Now there's an attack in 2^52 steps, which is well within the range of current computing hardware. Still not in the range for a desktop PC, to be sure, but definitely doable.

The problem is that all of the replacements are woefully undertested and/or based on the same design principles as SHA-1 and so are also not particularly safe. The NIST hash function won't have good results for at least another 2-3 years. :-(

