For those who haven't heard yet there's a way to compute SHA-1 hashes faster than brute force

Bruce's recent article has started a great deal of debate. Clearly the implications for the way cryptographic signatures are relied upon more and more come into question. IMHO the sky's not about to fall down but certainly it's sensible for all software authors(Microsoft included) to think how their software could be impacted.

It's only a matter of time before a new branch of mathematics is found which makes it possible to rapidly factor huge prime numbers - negating asymmetric key crptography - this will have a profound effect. Of course it could take years and years before such a branch of mathematical theory is found. IMHO this will happen one day - if may already have happened outside the public arena but therin lies yet another conspiracy theory!

The one thing you can be sure of in IT Security is that no technical measure works indefinately. Remember when common thinking was that a Firewall would protect you from all evil...... Simply relying on a single technology (such as cryptography) is a folly. Well thought out complementary measures are the only way - each assuming that the others have failed - otherwise known as "defence in depth". It's not rocket science and yet many people fail to assess their risk from a business perspective and apply multiple complementary mitigation steps. IMHO stealing data is easy, the catch is how much effort you're prepared to put in to achieve your goal.