Last year was a bad year for the Secure Hash Algorithm. This year has been worse.
A key technology used in digitally signing documents and programs, the Secure Hash Algorithm, or SHA, is used by U.S. federal agencies and by corporations. It's used to reduce long documents to a smaller unique digital fingerprint, or hash, which is then signed using public-key encryption.
Last year, researchers found holes in various techniques used to create the numerical fingerprints. Among the results was a successful attack against the first version of the SHA algorithm, SHA-0.
This year, two of the researchers responsible for finding that attack--Xiaoyun Wang and Hongbo Yu of China's Shandong University--teamed up with Yiqun Lisa Yin, an independent security consultant in the United States. Together, they broke the more popular version of the algorithm, SHA-1. The paper describing that break will likely be published in May.
---
Bruce Schneier has written on this topic: Cryptanalysis of SHA-1
... his earlier blog
... the short 3 page paper [PDF]