Crypto'06 just finished. One of the interesting
results concerns SHA-1.

A group around Rijmen[1] has found a way to
produce a meaningful collision on a step-reduced
(64, compared to 80 steps) SHA-1. One of the authors,
and speaker[2], is still a PhD student - remarkable.

Older approaches were not explicitly applicable[3,4],
except for producing garbage messages, if I understood
this correctly. More evidence of the sensationalism present
in certain people of the cryptographic world?

I am happy that SHA-256 and SHA-512 exist.


