On 10/10/15 20:14, ianG wrote: > I guess the next question would be, how long we expect the freestart > limitation to last as a meaningful barrier to full SHA1 collision attacks. And, for some attackers, is that "how long" figure already a negative number?