"As of 2012, the most efficient attack against SHA-1 is considered to be the one by Marc Stevens[32] with an estimated cost of $2.77M to break a single hash value by renting CPU power from cloud servers.[33] Stevens developed this attack in a project called HashClash,[34] implementing a differential path attack. On 8 November 2010, he claimed he had a fully working near-collision attack against full SHA-1 working with an estimated complexity equivalent to 2^57.5 SHA-1 compressions. He estimates this attack can be extended to a full collision with a complexity around 2^61."
Source: http://en.wikipedia.org/w/index.php?title=SHA-1&oldid=598619464#Attacks