That's correct. A Magnet link contains a hash of the file/s so it can be verified to be identical to the original during download. So you can't put the hash in there if you don't have the file yet.
No. A magnet link contains a hash of the torrent file, which is an extensible format[1]. One can simply add data to malicious torrent file until it collides with the target[2].
To do that, wouldn't you need to construct a file that simultaneously had two collisons for the same file: one collision for the torrent sha1, and one for the hash of the torrent (the magnet uri)?
The link you gave for finding a single collision in certain types of files (rar, sh, jpg) required putting garbage into the malicious file (eg, in comments in the sh file).
They didn't mention creating collisions in torrent files.
It seems exceedingly unlikely to me that you'd be able to construct a file containing two simultaneous collisions, unless there's a spot where you can add garbage without corrupting the file, both in the torrent file and also in the hash of the torrent.
I think the RIAA would be very interested if it was that easy to create fake torrents that hash the same.
Edit: Actually your second link doesn't even show a weakness in SHA1. So you can't create a malicious torrent using that method.
> To do that, wouldn't you need to construct a file that simultaneously had two collisons for the same file: one collision for the torrent sha1, and one for the hash of the torrent (the magnet uri)?
No.
The magnet URI only contains the hash of (part of) the torrent file. The portion that is hashed is extensible, so one could introduce additional content (like garbage or comments).
> I think the RIAA would be very interested if it was that easy to create fake torrents that hash the same.
Easy is subjective. It costs around £150k and a month to make one[1].
However I asked them, and they aren't. Or at least the MPAA isn't.
You're claiming that SHA1 has been broken, but it hasn't. Have a closer look at what's actually stated at [2].
Edit: from your [1] link I see that the hashing algorithm used in a mgnet link isn't actually fixed, and MD5 is one option. So yeah, I guess you actually can't trust the immutability of a magnet link without checking it's doesn't contain urn:md5 or urn:kzhash.
It has nothing to do with whether the hashing algorithm is "fixed" or not, it has to do with what you're hashing.
The thing being hashed (according to BEP0003) is the bencoded form of the info value from the metainfo file. What's the "info" value? Why it's a list of dictionaries that (are also bencoded) contain:
* pathnames for each file
* the length of each file
* a list of hashes for each chunk of each file
* whatever else you want: the thing is extensible.
If you can introduce whatever you want, you can start with something valid, and introduce invalid chunks until it collides. If you can do this, you can force a collision for around £150k and a month[2].
https://en.wikipedia.org/wiki/Magnet_URI_scheme#URN.2C_conta...