You can verify the certificates yourself or just wait for us to make an end-to-end collision generator as we did for MD5[1] - you can use that to generate a collision in seconds on your phone or any computer. If you wait for us to complete the end to end collision, in a sense it will be a little too late as TLS certificates and other security that relies on SHA-256 needs time to move away. We think it's responsible to disclose at this stage, and as mentioned, our peer reviewer said it is a "very good result" that is "worth publishing". We've gone to great pains to make our method completely reproducible, even writing in the article that we'll help anyone who is having trouble with any part.
reply