
In a recent interview, Linus Torvalds expressed regret about the pointless churn of SHA1 deprecation and this immediately reminded me of a similar, although much smaller pointless churn.
There was once a company-wide ban on SHA1, so a developer replaced SHA1 with SHA256 in a Hashcash implementation in one of the projects... without thinking of the negative side effects:
- Hashcash became ~1.5..2 times slower
- Third-party tooling could not be used anymore
The project uses this broken Hashcash even today.
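To make the trade-off concrete, here is a minimal Hashcash minter and verifier written for this post (it is not the project's code and not the reference hashcash tool). It uses the v1 stamp layout `ver:bits:date:resource:ext:rand:counter` with a decimal counter (a simplification; the real tool base64-encodes it) and takes the hash function as a parameter, so the same code can be run with `sha1` and `sha256` to compare minting time. The `resource`, `rand` and `date` values in the example are constructed.

```python
import hashlib
import time

# Hashcash v1 stamp: "1:<bits>:<date>:<resource>:<ext>:<rand>:<counter>"
# A stamp is valid when its digest starts with at least <bits> zero bits.
# This is a partial-preimage puzzle: a collision attack (two inputs with the
# same digest) gives an attacker no shortcut for it, which is why swapping
# SHA-1 for SHA-256 here buys no security and only costs minting speed.


def leading_zero_bits(digest: bytes) -> int:
    """Count the number of leading zero bits in a digest."""
    count = 0
    for byte in digest:
        if byte == 0:
            count += 8
            continue
        count += 8 - byte.bit_length()  # zero bits before the first set bit
        break
    return count


def mint(resource: str, bits: int, hash_name: str = "sha1",
         date: str = "240101", rand: str = "constructed",
         max_counter: int = 1 << 24):
    """Search for a counter that gives a stamp with `bits` leading zero bits.

    Returns (stamp, counter) or None if max_counter is exhausted.
    Expected work is about 2**bits hash evaluations.
    """
    for counter in range(max_counter):
        stamp = f"1:{bits}:{date}:{resource}::{rand}:{counter}"
        digest = hashlib.new(hash_name, stamp.encode()).digest()
        if leading_zero_bits(digest) >= bits:
            return stamp, counter
    return None


def verify(stamp: str, required_bits: int, hash_name: str = "sha1") -> bool:
    """Check stamp format, claimed difficulty, and the actual digest."""
    fields = stamp.split(":")
    if len(fields) != 7 or fields[0] != "1":
        return False
    try:
        claimed = int(fields[1])
    except ValueError:
        return False
    if claimed < required_bits:
        return False
    digest = hashlib.new(hash_name, stamp.encode()).digest()
    return leading_zero_bits(digest) >= claimed


def compare_speed(resource: str, bits: int) -> dict:
    """Mint the same stamp with SHA-1 and SHA-256 and time both searches."""
    timings = {}
    for name in ("sha1", "sha256"):
        start = time.perf_counter()
        mint(resource, bits, hash_name=name)
        timings[name] = time.perf_counter() - start
    return timings


if __name__ == "__main__":
    stamp, counter = mint("user@example.invalid", 16)
    print("stamp:", stamp, "found after", counter, "tries")
    print("valid:", verify(stamp, 16))
    print("timings:", compare_speed("user@example.invalid", 18))
```

Run it as-is to see a stamp minted and verified, then the wall-clock cost of the same puzzle under both hash functions; the exact ratio depends on the machine and on Python's per-call overhead, so expect native implementations to show a larger gap. Note that a stamp minted with one hash function does not verify under the other, which is the interoperability problem the post describes.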
P.S. In case it is not clear, SHA1 was "broken" by generating two PDFs with identical SHA1 hashes but different content by adding random binary data to them. This is why the "attackers" used PDFs and not C or Java code in the first place. And when they say broken, they mean that the SHA1 collision was generated 100,000 times faster than it should be, but it still took quite a lot of computing and coding.
While there have been better SHA1 attacks since Google's, they are mostly impractical because git has had collision detection built in for a long time already.