PCWorld.com - Another Form of Encryption Goes Down for the Count: "News that a nine-year-old encryption method--one that underlies the protection of virtually all secure online communications--appears to have been cracked by a team of three Chinese researchers has spurred encryption experts around the world to issue a call to action.
The standard, known as SHA-1, 'is used in pretty much every cryptographic protocol out there,' says encryption expert Bruce Schneier. '[SHA-1 is] used in SSH, in SSL, in S/MIME, in PGP. It's used in IPSec. VPNs use it. Everybody uses it.'
The scope of the problem is enormous. Virtually all application and server software that incorporates SHA-1 into its functions--including Web browsers, e-mail clients, instant messaging programs, secure shell clients, and file- and disk-encryption software--will need to be replaced or upgraded.
'We all sort of knew this could happen, but we didn't expect it this bad, this soon,' says Schneier, who also blogs about security topics. "