SHA-1 is the hashing algorithm used for signing digital content. It basically takes a data stream, does oodles of computations on it, and comes up with a “unique” fingerprint that is much shorter. This can be used to sign your mail (pgp), files, whatever ..
A team of researches have found a way to find collisions in the hashes in just 2^39 operations instead of the brute-force 2^69.
No need to panic yet, as even doing this would require computing power only big brother would be able to garner - and then again, a lot of time. a great achievement, nonetheless.
And when I was just starting to sign my email using pgp .. 
Via /. and boing boing