[zAy0LfpBZLC8mAC]

Yeah, it's like saying "oh but the attack possibilities are so limited" to then proceed to mention how all the components can't bear the load of the bridge.

Well, if that piece of steel can so obviously not hold those 10000 tons of concrete given the corrosion over the next 30 years, it should be trivial to break it even with their limitations.

It has been shown that SHA1 is broken - it's just that experts in the field tend to be able to know such things before the bridge has collapsed, but that does not mean that they can demonstrate it to anyone who doesn't want to study the theories behind their assessment without building the bridge and waiting 30 years.

[raverbashing]

It looks to me the SHA1 part is the least of their worries.

Yes, the pillar may corrode in 30 years, but the load is actually on a smaller and frailer pillar

[zAy0LfpBZLC8mAC]

And yet, the fact that a bridge design contains a pillar that any expert expects to collapse after 30 years might tell you something about the designer's competence and thus about the viability of the whole design.

This is not so much about showing how to break their system, but about showing how their design methodology is likely to produce an unreliable system - because that (a) is much easier to do than actually breaking a system and (b) precisely because of that is how cryptographers usually work and (c) it is actually known to be possible to build systems that are more likely to be and to stay secure, so there is no point in compromising reliability for implementability.