I would want to hear what Bruce Schneier thinks of this development.

It’s not uncommon for previously robust cryptography to be broken in the course of time. We switched from MD5 to SHA256 for hashing and DSA to RSA for this reason in the past.

Security is a perpetual cat-and-mouse game. 
Yes
With regards specifically to SHA256, I’m not worried. If it became too easy to solve Bitcoin block nonces, we can soft-fork in additional difficulty requirements.

Breaking SHA256 means anyone can be a 51% attacker without actually having the hash. So un-upgraded nodes would be vulnerable. But Bitcoin would survive.
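The soft-fork tightening described in the post above, as an added illustration that is not code from this thread or from Bitcoin itself: a toy double-SHA-256 proof-of-work check, plus a hypothetical second requirement (a SHA3-256 target, chosen here as an assumption) that only shrinks the set of valid blocks, so nodes still enforcing the old rule keep accepting blocks mined under the new one. The header bytes and targets are constructed for the example.

```python
import hashlib

# Constructed toy block header (not a real Bitcoin header); the nonce is appended.
HEADER = b"constructed-toy-header-v1"
# Original rule: double-SHA-256 of header||nonce must be <= this target (~1 in 256).
TARGET = 1 << 248
# Hypothetical extra requirement a soft fork could add (assumption for this example):
# a SHA3-256 of the same bytes must also be <= a secondary target (~1 in 16).
EXTRA_TARGET = 1 << 252


def work_hash(header: bytes, nonce: int) -> int:
    """Bitcoin-style proof-of-work hash: SHA-256(SHA-256(header || nonce)) as an int."""
    data = header + nonce.to_bytes(4, "little")
    return int.from_bytes(hashlib.sha256(hashlib.sha256(data).digest()).digest(), "big")


def extra_hash(header: bytes, nonce: int) -> int:
    """Hypothetical independent hash used only by the tightened rule."""
    data = header + nonce.to_bytes(4, "little")
    return int.from_bytes(hashlib.sha3_256(data).digest(), "big")


def valid_old(header: bytes, nonce: int, target: int = TARGET) -> bool:
    """The check an un-upgraded node performs."""
    return work_hash(header, nonce) <= target


def valid_new(header: bytes, nonce: int, target: int = TARGET,
              extra_target: int = EXTRA_TARGET) -> bool:
    """Tightened rule: the old check AND the extra requirement (a strict subset)."""
    return valid_old(header, nonce, target) and extra_hash(header, nonce) <= extra_target


def mine(header: bytes, rule, max_nonce: int = 1 << 20):
    """Return the first nonce satisfying `rule`, or None if none is found in range."""
    for nonce in range(max_nonce):
        if rule(header, nonce):
            return nonce
    return None


def soft_fork_compatible(header: bytes, n: int = 4096) -> bool:
    """Every block valid under the new rule must still be valid under the old rule."""
    return all(valid_old(header, k) for k in range(n) if valid_new(header, k))


if __name__ == "__main__":
    print("old-rule nonce:", mine(HEADER, valid_old))
    print("new-rule nonce:", mine(HEADER, valid_new))
    print("old nodes accept new-rule blocks:", soft_fork_compatible(HEADER))
```

The converse does not hold: a block that only clears the old target is rejected by upgraded nodes, which is exactly the un-upgraded-node exposure the post points at.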