What is SHA-1 Collision Attack ?
SHA-1 was designed by NSA in 1995 as a standard Digital Signature Algorithm , for a decade researchers pointed out the flaw in the system theoretically and how it can be exploited but the costs to pull that off were more than $130K and months of computing.
Google with a group of researchers pulled it off making it a reality that's why its a big news..
How SHA-1 Collision Works ?
2 files can not have a digital print , even if a difference of a period in one file will give you a different digital print a.k.a SHA-1 , but if you see PDF-1 and PDF-2 both have different content but guess what ? they have same digital signature which means SHA-1 has been exploited or "Shattered" because of the collision Attack.
In the image below you can see that the Bad doc also has the same hash
How SHA-1 Effects the normal User ?
If you use Chrome, you will be automatically protected from insecure TLS/SSL certificates, and Firefox has quickly reacted to this announcement, and deprecated SHA-1 as of February 24th, 2017.
Files sent via Gmail or saved in Google Drive are already automatically tested against this attack.
What types of systems are affected?
Any application that relies on SHA-1 for digital signatures, file integrity, or file identification is potentially vulnerable. These include:
How to Exploit SHA-1 for Collision Attacks ?
This would require a great number of Computation Power , even the attack done by Google cost them $11000 , so its not currently in the range. You should read a research of 2009 where a user made 2 different files with same hashes here and after that read Marc Research on the current Collision Attack
