Hello,
So I have a limited amount of knowledge of the topic. But I read a news article about collisions in SHA-1; see for example the Wikipedia page https://en.m.wikipedia.org/wiki/SHA-1, which mentions it.
I do not know how any of this works, but I would like to know: is this problematic for torrenting?
In https://en.m.wikipedia.org/wiki/BitTorrent, in the history category, it is mentioned that the usage of SHA-1 to validate could be considered a security risk.
As I understand it:
To make sure an uploader has the same file as the downloader intends to receive, we compare it: does the uploader give out the same hash as the downloader expects? But due to unspecified mathematical problems it is possible that the hash is the same even if it isn't the same file.
Which brings me to the question:
Do I understand correctly how it works?
Is this a real daily risk, that this collision can appear by accident?
If it isn't, would it be easy for attackers to exploit this? Since you can create an exact same hash for a different file, maybe it could be done for malware as well. Maybe it takes a very long time to create a matching hash for a very specific different torrent in a malicious program, but there are probably millions of torrents. So would this be a realistic attack in daily life? Or would this require billions to do such an attack?
And if it is, would it be possible to create additional verification such as file size checks to make sure the files are actually legitimately the same, since people are commonly too lazy to switch to more secure torrents?
And maybe I fully misunderstood the system and there is zero correlation between collision and security risks in BitTorrent.
I would really like to know the likelihood of this affecting a casual person using an application like qBittorrent to torrent, or if it's just a theoretical risk for nerds.
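The check the question describes, as an added example that is not part of the original post and not qBittorrent's own code: in BitTorrent v1 the .torrent metadata stores one 20-byte SHA-1 digest per fixed-size piece, and the client hashes each received piece and compares. The function names, the tiny piece length and the sample payload are constructed for illustration.

```python
import hashlib
import hmac

SHA1_LEN = 20      # bytes in one SHA-1 digest
PIECE_LENGTH = 16  # constructed, tiny on purpose; real torrents use far larger pieces
PAYLOAD = b"constructed sample payload, 40 bytes...."  # constructed sample data


def split_pieces(data: bytes, piece_length: int) -> list:
    """Cut the payload into fixed-size pieces; only the last one may be shorter."""
    return [data[i:i + piece_length] for i in range(0, len(data), piece_length)]


def build_pieces(data: bytes, piece_length: int) -> bytes:
    """Concatenated SHA-1 digests, one per piece (layout of the v1 'pieces' field)."""
    return b"".join(hashlib.sha1(p).digest() for p in split_pieces(data, piece_length))


def piece_size(index: int, total_length: int, piece_length: int) -> int:
    """Size the metadata implies for piece `index`."""
    start = index * piece_length
    if index < 0 or start >= total_length:
        raise IndexError("no such piece")
    return min(piece_length, total_length - start)


def verify_piece(index: int, received: bytes, pieces: bytes,
                 total_length: int, piece_length: int) -> bool:
    """Accept a piece only if its size and its SHA-1 match the metadata."""
    # The metadata already fixes every piece's size, so a wrong-size
    # piece is rejected before any hashing happens.
    if len(received) != piece_size(index, total_length, piece_length):
        return False
    expected = pieces[index * SHA1_LEN:(index + 1) * SHA1_LEN]
    return hmac.compare_digest(hashlib.sha1(received).digest(), expected)


if __name__ == "__main__":
    pieces = build_pieces(PAYLOAD, PIECE_LENGTH)
    chunks = split_pieces(PAYLOAD, PIECE_LENGTH)
    tampered = bytes([chunks[1][0] ^ 1]) + chunks[1][1:]  # same size, one bit changed
    for label, idx, data in [("honest piece", 1, chunks[1]),
                             ("same-size tampered piece", 1, tampered),
                             ("truncated piece", 2, chunks[2][:-1]),
                             ("piece sent for wrong index", 0, chunks[1])]:
        ok = verify_piece(idx, data, pieces, len(PAYLOAD), PIECE_LENGTH)
        print(f"{label}: {'accepted' if ok else 'rejected'}")
```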