Putting the cracking of SHA-1 in perspective
SHA-1 is one of the most prevalent secure hash algorithms used in the legal and security industry. Now that Professor Xiaoyun Wang and her associates at Tsinghua University and Shandong University of Technology have officially cracked the SHA-1 hashing algorithm, the fallout will begin. For the most part this won't actually be due to security concerns, but the legal ramifications may be severe.
Background
A digital hash is basically a fingerprint of a data file. The perfect hashing algorithm will always produce a unique-enough fingerprint for a particular data stream that it is practically impossible to find a different data stream matching that fingerprint. Professor Wang did just that and found a different data stream with an identical fingerprint that matches the SHA-1 hash of the original data stream. While hashes have been broken before, the SHA-1 hash was published by NIST in 1995 and was believed to be solid for a long time to come. But Professor Wang surprised the cryptographic community in early 2005 with the announcement that she and her team had figured out a way to speed up the cracking process by more than 11 orders of magnitude.
Before I continue, I want to make it clear that the work of Professor Wang and her team is probably one of the biggest accomplishments in the field of cryptanalysis in recent years and is very well respected by her peers. But to put this event in the proper perspective, the finding of a hash collision does not mean the end of the world if your current security products use the SHA-1 hashing algorithm. Just because a hash collision is found doesn't necessarily mean hackers can start exploiting this. Not only does it still require a massive amount of computing firepower to find a single hash collision, but more importantly, finding a hash collision doesn't necessarily mean that a hacker has something useful.
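The following is an added example, not part of the original article, illustrating why a collision is not automatically useful: it compares finding any two inputs that share a fingerprint with finding an input that matches one specific file. It assumes SHA-1 truncated to 16 bits so both searches finish quickly; the function names and sample messages are constructed for the illustration.

```python
import hashlib
from itertools import count

BITS = 16  # assumption: truncate SHA-1 to 16 bits so both searches finish quickly


def fingerprint(data: bytes) -> int:
    """SHA-1 of data, truncated to the top BITS bits (toy fingerprint)."""
    digest = hashlib.sha1(data).digest()
    return int.from_bytes(digest, "big") >> (160 - BITS)


def find_any_collision():
    """Birthday search: any two different inputs sharing a fingerprint."""
    seen = {}
    for tries in count(1):
        msg = b"random-%d" % tries  # constructed inputs; the searcher does not pick their meaning
        fp = fingerprint(msg)
        if fp in seen:
            return seen[fp], msg, tries
        seen[fp] = msg


def find_match_for(target: bytes):
    """Search for a different input matching one specific file's fingerprint."""
    wanted = fingerprint(target)
    for tries in count(1):
        msg = b"forgery-%d" % tries
        if msg != target and fingerprint(msg) == wanted:
            return msg, tries


if __name__ == "__main__":
    a, b, n_collision = find_any_collision()
    print(f"any collision: {a!r} / {b!r} after {n_collision} hashes")
    original = b"signed contract, constructed sample"
    forged, n_match = find_match_for(original)
    print(f"match for a chosen file: {forged!r} after {n_match} hashes")
```

With a 16-bit fingerprint the first search is expected to need a few hundred hashes and the second tens of thousands, and the colliding pair is two counter strings rather than documents anyone chose. On the full 160-bit output the corresponding generic costs are about 2^80 and 2^160 hash computations.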