Yeah, not only that, but they're really not worth changing over to, since they still pin their entire security on a hash function, which is no different from bitcoin right now. They say you only use a private key/public key pair in Lamport once, but we all know how that turned out in bitcoin. People reuse their addresses; they do it all the time.
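As an added illustration (not code from anyone in this thread) of why a Lamport key pair is single-use: each signature reveals half of the private preimages, so signing a second, different message exposes more of the key. The scheme below is a textbook toy; all function names and parameters are assumptions made here.

```python
import hashlib
import secrets

# Toy Lamport one-time signature over a 256-bit SHA-256 digest.
# Constructed for illustration only; not from the thread.
N_BITS = 256

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen(rng=secrets.token_bytes):
    # Private key: two random 32-byte preimages per message bit.
    sk = [(rng(32), rng(32)) for _ in range(N_BITS)]
    # Public key: the hash of each preimage (hash function is the whole security basis).
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def msg_bits(msg: bytes):
    # Bits of the message digest, most significant first.
    d = int.from_bytes(H(msg), "big")
    return [(d >> (N_BITS - 1 - i)) & 1 for i in range(N_BITS)]

def sign(sk, msg: bytes):
    # Reveal exactly one preimage per digest bit; the other half stays secret.
    return [sk[i][bit] for i, bit in enumerate(msg_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    # Each revealed preimage must hash to the public-key half selected by that bit.
    return all(H(s) == pk[i][bit]
               for i, (s, bit) in enumerate(zip(sig, msg_bits(msg))))

def revealed_fraction(sk, sigs) -> float:
    # Share of the private key an observer holds after seeing these signatures:
    # 0.5 after one signature, more after any second signature on a different digest.
    seen = {s for sig in sigs for s in sig}
    exposed = sum(1 for a, b in sk for x in (a, b) if x in seen)
    return exposed / (2 * N_BITS)
```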
And what does the reuse have to do with the security of a hash function?
The weakness isn't in the hash function per se. Hopefully NIST will come out with something way more substantial than slapping some hash function on top of some half-assed algorithm for their quantum crypto standard. They sure are taking their TIME!
You don't need to "hack" a script to find a P2SH address collision. All you need is a locking script which hashes to the same final address.
I agree with everything you said! That's kind of what I was trying to say.

There is no reward. You will never find an address collision unless the address has been generated in an insecure manner.
I know, but if someone is going to try to brute-force bitcoin private keys using whatever method, it's like you said: they'll want to focus on the address types that are most in use, obviously, to "increase their chances". Thus not P2SH address types. Thus legacy addresses.
But I doubt it'll happen anytime soon, since quantum computing isn't a big concern for now.
Let's revisit that statement every year for the next 3 years!