Craig Andera's blog.
Schneier reports that SHA-1 has been broken. If true, this is an enormous deal - it could have very real security implications on tons of applications.
Of course, you have to wonder if the NSA knew about this years ago.
I guess I'm not sure what the advantage to an intelligence gathering organization would be. Being able to break SHA-1 would give an entity the ability to forge digital signatures, but it does not provide someone the ability to break a cipher. Further, in their role of information assurance, you'd think they'd be responsible for informing our country's economic infrastructure that SHA-1 was broken.Still, I wouldn't be suprised if they knew.