2^{52}

This is interesting news. McDonald, Hawkes and Pieprzyk claim that they have reduced the collision strength of SHA-1 to 2^{52}. As usual, don't panic: collisions are hard to exploit. However, this implies that the wise CA would transition at least to randomized serial numbers and that the SHA-256 transition is now more important.

I'm still trying to decipher this Schnorr presentation entitled "Average Time Fast SVP and CVP Algorithms: Factoring Integers in Polynomial Time". Presumably, if this led to a practical attack, Schnorr would have presented it differently, but I'd be interested to see an analysis of the impact of it, if any, from a real cryptographer.