Anyone aware of any exploits tied to the SHA-1 weakness in the wild?
(I have seen proofs of concept [1], but never actually heard of an exploit in the wild using it; for example, on: digital certificate signatures, email PGP/GPG signatures, software vendor signatures, software updates, ISO checksums, backup systems, deduplication systems, Git, etc.)
Most security critical systems have switched to SHA-256 at this point, and making a fresh collision still costs tens of thousands, so people aren't really doing it for kicks (that said, once you have one collision you can reuse it for free as long as you keep the same prefix, so the proof of concept can be repurposed with certain constraints).
The most in-the-wild one I have ever heard of was when WebKit accidentally broke their SVN repo by checking in a collision.
However, you can look at the history of MD5, which had a similar flaw which was exploited by the Flame malware.
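The "reuse it for free as long as you keep the same prefix" point above is a property of the Merkle-Damgård construction that SHA-1 (and MD5) use, and it is why a single collision pair is worth watching for rather than just blocklisting two known files. The following added example (not from the thread or from shattered.io) shows the mechanism with a toy hash whose chaining value is deliberately shrunk to 2 bytes so a collision can be found in a few hundred tries; the names `toy_hash`, `compress`, `find_block_collision` and `suffix_reuse_holds` are all assumptions of this illustration.

```python
import hashlib
import itertools

# Toy Merkle-Damgard hash (added illustration, not a real SHA-1 implementation):
# a 2-byte chaining value makes a collision findable in a few hundred tries, but
# the structure (fixed-size blocks, chaining, length padding) is the same one
# SHA-1 uses, so the reuse property demonstrated here carries over.
BLOCK = 4   # bytes per message block (SHA-1 uses 64)
STATE = 2   # bytes of chaining value (SHA-1 uses 20)
IV = b"\x00" * STATE


def compress(state: bytes, block: bytes) -> bytes:
    """Toy compression function: SHA-256 of state||block, truncated to STATE bytes."""
    return hashlib.sha256(state + block).digest()[:STATE]


def absorb(state: bytes, data: bytes) -> bytes:
    """Run the chaining loop over whole blocks of `data`, starting from `state`."""
    assert len(data) % BLOCK == 0
    for i in range(0, len(data), BLOCK):
        state = compress(state, data[i:i + BLOCK])
    return state


def toy_hash(msg: bytes) -> bytes:
    """Merkle-Damgard hash: pad with 0x80, zeros and the message length, then chain."""
    padded = msg + b"\x80"
    padded += b"\x00" * (-len(padded) % BLOCK)
    padded += len(msg).to_bytes(BLOCK, "big")
    return absorb(IV, padded)


def find_block_collision(prefix: bytes) -> tuple[bytes, bytes]:
    """Birthday-search two distinct blocks that collide after a shared prefix.

    Cheap only because STATE is 2 bytes. The shape of the result is what
    matters: an identical-prefix collision (prefix||b1, prefix||b2), which is
    the kind of collision SHAttered produced for real SHA-1.
    """
    state = absorb(IV, prefix)
    seen: dict[bytes, bytes] = {}
    for n in itertools.count():
        block = n.to_bytes(BLOCK, "big")   # every candidate block is distinct
        out = compress(state, block)
        if out in seen:
            return seen[out], block
        seen[out] = block


def suffix_reuse_holds(prefix: bytes = b"PREF",
                       suffix: bytes = b"...any content appended later...") -> bool:
    """Once prefix||b1 and prefix||b2 collide, appending the same suffix to both
    keeps them colliding: the chaining state is already equal after the colliding
    block, and the length padding is identical because both messages have the
    same length. Returns True when the reuse property is observed."""
    b1, b2 = find_block_collision(prefix)
    m1, m2 = prefix + b1, prefix + b2
    if m1 == m2 or toy_hash(m1) != toy_hash(m2):
        return False
    return toy_hash(m1 + suffix) == toy_hash(m2 + suffix)


if __name__ == "__main__":
    print("collision survives a shared suffix:", suffix_reuse_holds())
```

The defensive takeaway is that a colliding pair is a reusable building block: anything hashed as `prefix || colliding block || common suffix` stays a collision no matter what the suffix is, so a hash check on the trailing content detects nothing. That is why migrating verification to SHA-256 (or, where SHA-1 must stay, using a collision-detecting implementation such as the one Git adopted after SHAttered) is the fix, rather than blocklisting the two published proof-of-concept files.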
[1] https://shattered.io/