A question about Hash and BitTorrent

[jkoop]

Is it possible to have the same hash code as another torrent created at an earlier time? How does uTorrent actually BitTorrent clients in general know if the hash code as been used or to not use that hash code?

[Ultima]

Nothing guarantees uniqueness of hashes, and BitTorrent doesn't do anything special in that regard. It's impossible -- after all, hashing is basically an attempt to represent infinitely many possible combinations of bits in a fixed (finite) number of bits! BitTorrent simply relies on the unlikelihood of collisions occurring, where the "lowness" of this improbability depends on the quality of the hashing algorithm in use.

BitTorrent uses SHA-1 to calculate the info_hash deterministically, using pieces of metainfo from the .torrent file as input for the algorithm. Sure, it's theoretically possible to get infinitely many collisions (same hash from different input data), but in practice, it's highly improbable that this would happen under normal circumstances. Hash functions are designed such that their digests are likely to be unique (even for similar-looking input data).

SHA-1 is "broken" in that collisions can technically be generated in a manner more efficiently than the algorithm was designed to withstand, if attackers wanted to do so badly enough. In the context of BitTorrent, I doubt the collisions would be particularly relevant or worrisome though... As computationally difficult as it already is to find collisions, it would probably be even more difficult to find collisions given the condition that the new colliding input data matched the original input data in size.

tl;dr: Math