Ed Felten spreads a SHA-1 hash collision rumor.
Eric Rescorla does a good job of explaining that even if true, a collision is not of great practical import.
A collision merely means that two pieces of content (“messages” in crypto-speak) have been found that generate the same arbitrary hash.
For reasons that aren’t all that intuitive, it is much harder to find a specific match than an arbitrary collision.
I think in day-to-day experience a good analogue would be this: it’s pretty easy to find odd coincidences if you look. If you know how to conjure up specific odd coincidences on demand, tell me.
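The gap between an arbitrary collision and a specific match can be measured on a shrunken hash. The following is an added example, not from the original post: it truncates SHA-1 to 16 bits (an assumption made so both searches finish in about a second) and counts hash evaluations for each search. All function names are hypothetical and the messages are constructed.

```python
import hashlib
from itertools import count

BITS = 16  # truncated digest size (assumption for the demo; real SHA-1 is 160 bits)

def short_hash(msg: bytes, bits: int = BITS) -> int:
    """Top `bits` bits of SHA-1(msg): a deliberately tiny stand-in for a full hash."""
    digest = hashlib.sha1(msg).digest()
    return int.from_bytes(digest, "big") >> (160 - bits)

def find_collision(label: str, bits: int = BITS):
    """Arbitrary collision: any two distinct messages with equal hashes."""
    seen = {}  # hash value -> first message that produced it
    for i in count(1):
        msg = f"{label}-{i}".encode()
        h = short_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i  # both messages and hashes computed so far
        seen[h] = msg

def find_specific_match(target: bytes, label: str, bits: int = BITS):
    """Specific match: a different message hashing to the target's fixed hash."""
    wanted = short_hash(target, bits)
    for i in count(1):
        msg = f"{label}-{i}".encode()
        if msg != target and short_hash(msg, bits) == wanted:
            return msg, i

def compare(trials: int = 5, bits: int = BITS):
    """Total hash evaluations over several trials for each kind of search."""
    collision_work = sum(find_collision(f"c{t}", bits)[2] for t in range(trials))
    match_work = sum(
        find_specific_match(f"target{t}".encode(), f"m{t}", bits)[1]
        for t in range(trials)
    )
    return collision_work, match_work

if __name__ == "__main__":
    c, m = compare()
    print(f"arbitrary collision: {c} hashes; specific match: {m} hashes")
```

With an n-bit hash the collision search needs on the order of 2^(n/2) evaluations while the specific match needs on the order of 2^n, which is why the two totals differ by orders of magnitude even at 16 bits.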
All that said, Bitzi also uses the Tiger hash, which is not from the same family as SHA-1, as an insurance policy among other things.
Disclaimer: I am not a crypto expert. If true, this rumor may be huge news for crypto theorists.