Git and the new SHA-1 prefix collision attack

[CC-list carried forward from the last SHA-1 thread I found]

Thought I'd send a brief line about this since nobody else did.

There's a newly published "From Collisions to Chosen-Prefix Collisions
Application to Full SHA-1" paper making the news this week which builds
on the SHAttered attack: https://eprint.iacr.org/2019/459.pdf

See https://shattered.io for that original attack.

I asked Marc Stevens on Twitter whether the sha1collisiondetection
library would cover the sorts of collisions generated by the method
described in this paper. He said yes:
https://twitter.com/realhashbreaker/status/1128419029536923649

Not all the details are out on this new attack, in particular the
researchers (CC'd) haven't yet published details[1] on improvements that
would make such an attack cheaper to carry out than the current
state of the art, which I understand from Marc's Twitter feed is
something he's skeptical about.

In any case, it looks like the sha1collisiondetection library will save
the day again. Thanks Marc & Dan!

1. https://www.zdnet.com/article/sha-1-collision-attacks-are-now-actually-practical-and-a-looming-danger/


