From threatpost.com
![sha-1 collision attack](https://media.threatpost.com/wp-content/uploads/sites/103/2018/12/21144357/Encryption-2018-year-in-review2.jpg)
Users of GnuPG, OpenSSL and Git could be in danger from an attack that’s practical for ordinary attackers to carry out.
A proof-of-concept attack has been pioneered that “fully and practically” breaks the Secure Hash Algorithm 1 (SHA-1) code-signing encryption, used by legacy computers to sign the certificates that authenticate software downloads and prevent man-in-the-middle tampering.