SHA-1, a secure hashing function, is now even more broken. The function, used by git and older pgp versions, is vulnerable to a prefix collision attack. https://arstechnica.com/information-technology/2020/01/pgp-keys-software-security-and-much-more-threatened-by-new-sha1-exploit/