Comment by cluckindan
1 day ago
And if someone invests in having >90% of the peers offer a malicious file and serve DHTs matching that file?
1 day ago
> And if someone invests in having >90% of the peers offer a malicious file and serve DHTs matching that file?
Torrent files are hashed, so it's exactly the same risk profile as the comment I was referring to. But generally hashing algorithms are collision-proof enough that what you're describing is basically impossible (requiring many years of compute time).
IIRC BitTorrent still uses SHA-1, which is becoming more problematic.
BitTorrent v2 uses SHA-256, but in any case SHA-1 is still second-preimage resistant. And the BitTorrent piece hashes are included in the .torrent file, so you would need to find a double collision.
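The hash chain this thread is discussing, as an added example that is not part of any comment: in BitTorrent v1 the infohash is the SHA-1 of the bencoded info dict, and that dict carries one SHA-1 per piece, so both peer-supplied metadata and peer-supplied data are checked against a value the downloader already trusts. It assumes the single-file v1 layout; the helper names and sample data are constructed for illustration.

```python
import hashlib

def bencode(obj):
    """Minimal bencoder: ints, bytes, lists, dicts with bytes keys (sorted)."""
    if isinstance(obj, int):
        return b"i%de" % obj
    if isinstance(obj, bytes):
        return b"%d:%s" % (len(obj), obj)
    if isinstance(obj, list):
        return b"l" + b"".join(bencode(x) for x in obj) + b"e"
    if isinstance(obj, dict):
        return b"d" + b"".join(bencode(k) + bencode(obj[k]) for k in sorted(obj)) + b"e"
    raise TypeError(type(obj))

def make_info(name, data, piece_length):
    """Build a v1 single-file info dict; 'pieces' is the concatenated SHA-1 digests."""
    pieces = b"".join(hashlib.sha1(data[i:i + piece_length]).digest()
                      for i in range(0, len(data), piece_length))
    return {b"length": len(data), b"name": name,
            b"piece length": piece_length, b"pieces": pieces}

def infohash(info):
    """The identifier in a magnet link or DHT lookup: SHA-1 over the bencoded info dict."""
    return hashlib.sha1(bencode(info)).hexdigest()

def accept_metadata(trusted_infohash, info_from_peer):
    """Metadata fetched from peers is only usable if it hashes to the trusted infohash."""
    return infohash(info_from_peer) == trusted_infohash

def verify_piece(info, index, piece):
    """Data fetched from peers is only kept if it matches the 20-byte digest for its index."""
    return hashlib.sha1(piece).digest() == info[b"pieces"][20 * index:20 * index + 20]

if __name__ == "__main__":
    plen = 16384
    data = bytes(range(256)) * 160                  # constructed sample content
    info = make_info(b"demo.bin", data, plen)
    trusted = infohash(info)                        # obtained out of band by the downloader

    tampered = b"X" + data[1:plen]                  # a peer alters one byte of piece 0
    forged = make_info(b"demo.bin", tampered + data[plen:], plen)  # and re-hashes the pieces

    print("genuine piece accepted: ", verify_piece(info, 0, data[:plen]))
    print("tampered piece accepted:", verify_piece(info, 0, tampered))
    print("forged metadata accepted:", accept_metadata(trusted, forged))
```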