Metablogging (but worth it) via Bruce Schneider: SHA-1 has been broken by a research team from Shandong university in China - based on collisions in hashing operations. This doesn't affect applications, as Bruce states, yet it takes the edge out of SHA-1 hashes as digital signatures.
With the still required 2**69 hash operations to to get a collision in the SHA-1 algorithm, it will still take weeks to break a hash - but compared to the 2**80 operations needed in a brute-force attack, that's a major, major "improvement" if you want to call it that.
