the stream

SHA1-collisions applied to Bittorrent

Alexander Bochmann Monday 06 of March, 2017
Unless more generic SHA1 collisions turn up, this looks like a somewhat forced scenario (that doesn't really warrant its own name and web site, but hey) - someone has thought up a way to apply the SHAttered attack to Bittorrent:

As far as I understand from the BitErrant web site, they're proposing to use the two colliding data blocks from SHAttered to create two torrents that contain one differing chunk (with the same SHA1 hash nevertheless), and then look at the contents of that chunk as a trigger to decide whether to execute a "hidden" malicious payload that's contained elsewhere in both versions of the torrent. (Bittorrent uses a SHA1 hash to identify each 32k chunk in the torrent.)

Yeah, ok. I don't think I'm particularly scared now...

(Via Isotopp.)
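As an added illustration (not code from this post or from the BitErrant site), the sketch below shows why per-chunk hash verification alone cannot tell the two file variants apart, and how a digest from a second, unbroken hash does. It assumes the 32k chunk size mentioned above; `toy_hash` is a deliberately weak stand-in (SHA-1 truncated to one byte) so a collision can be constructed locally, and all function names are hypothetical.

```python
import hashlib

PIECE_LEN = 32 * 1024  # chunk size as mentioned in the post

def sha1(data):
    return hashlib.sha1(data).digest()

def toy_hash(data):
    # Stand-in for a hash with known collisions: SHA-1 cut to one byte.
    return sha1(data)[:1]

def piece_hashes(blob, piece_hash=sha1):
    """Per-chunk digests, the list a torrent's metainfo carries."""
    return [piece_hash(blob[i:i + PIECE_LEN])
            for i in range(0, len(blob), PIECE_LEN)]

def verify_pieces(blob, expected, piece_hash=sha1):
    """Return the indices of chunks whose digest differs from the metainfo."""
    got = piece_hashes(blob, piece_hash)
    if len(got) != len(expected):
        raise ValueError("chunk count does not match metainfo")
    return [i for i, (g, e) in enumerate(zip(got, expected)) if g != e]

def colliding_pieces(piece_hash=toy_hash):
    """Find two different chunks with the same digest under piece_hash.
    257 distinct inputs into 256 possible digests must collide."""
    seen = {}
    for n in range(257):
        piece = n.to_bytes(2, "big") * (PIECE_LEN // 2)  # constructed data
        digest = piece_hash(piece)
        if digest in seen:
            return seen[digest], piece
        seen[digest] = piece
    raise RuntimeError("unreachable for a one-byte digest")

def build_variants():
    """Two files that differ only in their first chunk."""
    a, b = colliding_pieces()
    shared = b"\x00" * PIECE_LEN  # constructed filler for the common part
    return a + shared, b + shared

def matches_published_digest(blob, published_sha256_hex):
    """Independent whole-file check against a digest obtained out of band."""
    return hashlib.sha256(blob).hexdigest() == published_sha256_hex

if __name__ == "__main__":
    variant_a, variant_b = build_variants()
    metainfo = piece_hashes(variant_a, toy_hash)
    print("chunk check on variant B:", verify_pieces(variant_b, metainfo, toy_hash))
    published = hashlib.sha256(variant_a).hexdigest()
    print("SHA-256 check on variant B:", matches_published_digest(variant_b, published))
```

With real SHA-1 and no real collision, the same swap is caught by the chunk check itself; the gap only opens for chunks built from an actual colliding pair.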