A discussion has broken out about when the defeat of SHA-1 hashing (a practical collision attack) will happen. That’s “when”, not “if”: the method of attack is already known, so all that remains is the growth of computing resources, or the decline in their price. If a better attack develops, the defeat could come in just a few years, bringing unprecedented chaos to IT. Rather than having to buy computing resources, the bad guys can just rent a botnet and have a million PCs doing what they want at any time. That means the bad guys will win if we do nothing.
Should we hedge our bets and use a variety of hashes, so that whichever one is defeated first can just be dropped with minimal problems? Should we require simultaneous checks with multiple hashes? That would seem to make finding a collision more difficult: the first SHA-1 collision is extremely unlikely to also be an MD5 collision. The gain is smaller than it looks, though. Joux showed in 2004 that for iterated hashes such as MD5 and SHA-1, a collision in the pair costs only modestly more than a collision in the stronger of the two, so the real benefit of carrying several digests is agility (being able to retire a broken hash without reissuing everything), not a large jump in collision resistance.
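Here is what "require simultaneous checks with multiple hashes" looks like in practice, as an added example that is not part of the original post. It keeps a manifest of digests under several algorithms, accepts a file only if every required digest is present and matches, and shows how a defeated algorithm is retired from the required set without touching existing manifests. The function names, the manifest layout (a plain dict of hashlib algorithm name to hex digest) and the sample payload are all assumptions made for illustration.

```python
import hashlib
import hmac

# Added example, not code from the original post. Names, the manifest layout
# and the sample data below are assumptions made for illustration.

DEFAULT_ALGORITHMS = ("sha1", "md5", "sha256")   # hashlib algorithm names


def digests(data: bytes, algorithms=DEFAULT_ALGORITHMS) -> dict:
    """Build a manifest: one hex digest of `data` per named algorithm."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in algorithms}


def verify(data: bytes, manifest: dict, required=DEFAULT_ALGORITHMS) -> bool:
    """Accept `data` only if EVERY required digest is present AND matches.

    A forged file then has to collide under all required hashes at once.
    A missing digest counts as a failure rather than a free pass, so an
    attacker cannot weaken the check by stripping entries from the manifest.
    """
    for alg in required:
        expected = manifest.get(alg)
        if expected is None:
            return False
        actual = hashlib.new(alg, data).hexdigest()
        # constant-time comparison so the check itself leaks nothing useful
        if not hmac.compare_digest(actual, expected):
            return False
    return True


def retire(required, broken: str) -> tuple:
    """Drop a defeated algorithm from the required set.

    Old manifests that still carry the retired digest keep verifying, because
    verify() ignores manifest keys it was not asked to check.
    """
    remaining = tuple(alg for alg in required if alg != broken)
    if not remaining:
        raise ValueError("cannot retire the last remaining hash")
    return remaining


# Constructed sample input (not a real file).
SAMPLE = b"firmware image v1.0 -- constructed sample payload\n"
TAMPERED = b"firmware image v1.0 -- constructed sample payload!\n"
MANIFEST = digests(SAMPLE)


if __name__ == "__main__":
    print("intact file passes:", verify(SAMPLE, MANIFEST))        # True
    print("tampered file fails:", verify(TAMPERED, MANIFEST))     # False
    still_required = retire(DEFAULT_ALGORITHMS, "sha1")           # SHA-1 defeated
    print("after retiring sha1:", verify(SAMPLE, MANIFEST, still_required))  # True
    print("missing digest fails:",
          verify(SAMPLE, {"sha256": MANIFEST["sha256"]}))         # False
```

Two design points matter more than the hashing itself: a digest that is absent from the manifest must fail the check (otherwise an attacker who can edit the manifest simply deletes the hash they cannot collide), and retiring an algorithm changes only the verifier's required set, so nothing already published needs to be re-signed.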
“A collision attack is therefore well within the range of what an organized crime syndicate can practically budget by 2018, and a university research project by 2021.”