They cannot do that. This is a two-sided hash collision, i.e. the attacker needs to create both things that then collide when hashed. Creating a second key with the same hash as yours is still infeasible today, unless you cooperate with the attacker.
Thanks for proving my point about utterly clueless people here. You are one of them.
A high-entropy password hashed with SHA1 is perfectly secure. You could even hash it with MD5 and still be secure. A low-entropy password hashed with SHA1 is not less secure than one hashed with, say, SHA-512.
That very much sums it up.
For "coding"? Not a chance in hell.
Hmm, are you drunk or stoned?
That seems to actually apply to you, because you missed that I was very clearly not talking about teaching it only for 1 hour. I was talking about teaching it with a real effort behind it. Still an utter fail.
Indeed. But seeing that would require some actual understanding of the issue at hand, instead of a simple-minded "newer must be better".
That is apparently an idea many, many people cannot understand, obvious though it is.
My guess is that these people can only think in association-classes: For them, SHA1 equals security and any successful attack on SHA1 (no matter what its nature is) hence must break security in all applications of SHA1 (even if not used for security there or the attack is irrelevant for the scenario it is used in).
Of course, such a simplistic model of thinking is utterly pathetic and disconnected from reality, but it seems to be what is going on in their minds. And then these morons believe that they are actually qualified to tell experts what to do.
Using SHA1 for fingerprints is not an issue at this time. All somebody could do is create two PGP keys with the same fingerprint. As keys do not really contain any critical information, unlike X.509 certificates, this matters little. So the reason SHA1 is "still" used there is that the people doing it actually understand what they are doing.
That argument does not count for most people, because most people have no clue what a hash actually does and what it can be used for. Most of these morons have no clue that crypto-hashes can well be used for non-crypto things.
So a cryptographically accurate description of the situation together with a risk analysis and announcement of a longer-term plan is "to hell with security"?
There seems to be something wrong with your brain.
That is bullshit. CRC is slow and has a collision probability high enough to be a concern. CRC is not a good idea in repositories that can be very large. Incidentally, the claim that using a crypto-hash for a hash indicates that a "secure" hash is needed is completely bogus. Crypto-hashes now have speeds and set-up times that make them well suitable as replacements for normal hashes in situations where you do not mainly hash very short things. A lot of semi-competent people seem to have missed that little fact though.
That really annoys me no end. There is some gradual improvement in a specific attack, expected by everybody that has a clue and not seen as anything dramatic by the same people. And immediately a horde of people with no understanding of crypto swoop in and declare the sky to be falling and all uses of this thing are now invalid. This is really just utterly pathetic.
Example: I have to constantly defend the use of SHA1 for password hashing. (Sure, something like pbkdf2 or Argon2 should come later if the password may be low-entropy and gets stored. That is not always the case.) The thing is that password hashing has the purpose of preventing the hash being turned into a password again. Collision attacks have no impact on that at all. For a collision attack you would need to know the password and then you could find a second one with the same hash (or rather, with the two-sided, much easier, variant you can find two passwords that map to the same hash). Now, these nitwits completely overlook that the situation when using hashes in signatures is always that you already have what gets signed, which is completely different to the password situation. Still they claim "SHA1 is broken!". No it is not. It is broken for some specific _different_ application.
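The cost gap the two posts above rely on (two-sided collision vs. recovering an input from a fixed hash) can be seen directly on a toy-sized hash. This is an added illustration, not code from any poster: it truncates SHA-1 to a few bytes so both searches finish instantly, and the "stored password hash" it attacks is a constructed value; the ratio between the two costs is what carries over to full-size hashes.

```python
import hashlib
from itertools import count

# Toy model (added example): SHA-1 truncated to `nbytes` bytes so brute force
# finishes in well under a second. Real SHA-1 is 20 bytes; only the *ratio*
# between the two attack costs matters here, and it is the same at any size.

def trunc_sha1(data: bytes, nbytes: int) -> bytes:
    """First `nbytes` bytes of SHA-1(data)."""
    return hashlib.sha1(data).digest()[:nbytes]

def find_collision(nbytes: int):
    """Two-sided collision: the attacker chooses BOTH inputs and only needs
    some pair with equal digests (the signature scenario in the post).
    Birthday bound: about 2**(4*nbytes) hash evaluations."""
    seen = {}
    for i in count():
        msg = b"attacker-doc-%d" % i
        d = trunc_sha1(msg, nbytes)
        if d in seen:
            return seen[d], msg, i + 1      # (msg_a, msg_b, hashes computed)
        seen[d] = msg

def find_preimage(stored_digest: bytes, nbytes: int):
    """Preimage: the digest is fixed in advance (a stored password hash) and
    the attacker needs ANY input that hashes to it. Expected cost is
    2**(8*nbytes) evaluations, the square of the collision cost. This is the
    property password hashing depends on; collision attacks do not touch it."""
    for i in count():
        guess = b"guess-%d" % i
        if trunc_sha1(guess, nbytes) == stored_digest:
            return guess, i + 1

def expected_work(nbytes: int):
    """Theoretical hash evaluations for the two attacks: (collision, preimage)."""
    return 2 ** (4 * nbytes), 2 ** (8 * nbytes)

if __name__ == "__main__":
    n = 2
    a, b, tries = find_collision(n)
    print(f"collision after {tries} hashes: {a!r} / {b!r}")
    stored = trunc_sha1(b"hunter2", n)      # constructed 'stored password hash'
    guess, tries = find_preimage(stored, n)
    print(f"preimage of the stored hash after {tries} hashes: {guess!r}")
    print("expected work (collision, preimage):", expected_work(n))
```

With 2-byte digests the collision typically appears after a few hundred hashes while the preimage search needs tens of thousands; at 20 bytes the same square-law gap is what separates "SHA-1 collisions are practical" from "SHA-1 preimages are not".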
Why so many non-experts think they can voice a qualified opinion about a very hard mathematical topic is beyond me.
What Linus says here is exactly right and it is a statement by an expert. All those criticizing him are basically people that can put on a band-aid telling a brain-surgeon how to do his work. They just do not get it at all.
You really have no clue about IT Security Risk Management. A broken trust model most certainly is a systematic failure and it is far, far worse than a defective implementation detail like an insecure hash function.
You cannot get people there. This is an abstract skill, and even those with talent and the will to learn struggle with it. You may as well ask everybody to get how surgery works, or how to do the static design for a building. Cannot be done.
After a number of decimal places, nobody gives a damn.