
Is it possible to seed "fake" piece with same SHA1?


hermanm


Hi, I apologize since my understanding of BitTorrent and SHA1 is somewhat limited. I've been reading about anti-piracy companies releasing torrents with "bad" files inside. "Bad" meaning the content is corrupted. Is this because it is not possible to generate a matching SHA1 without the torrent piece being identical? If it is possible, would it require super computing power to generate a corrupt piece that matches in SHA1?


As has been stated, it's difficult to generate data with identical SHA1s, and that's without restricting what data can be generated. If you take into account the fact that the data chunk needs to be identical in size to the targeted piece, it's probably next to impossible (very improbable) that an identical hash could be generated. Then you gotta take into account the fact that you might generate the same piece the first time around if you manage to generate a piece with an identical SHA1 hash (which would've already taken a long time); in that case, you've already wasted a bunch of time generating an uncorrupted piece, and would have to waste a bunch more just to generate another (almost definitely nonexistent) corrupted piece with identical SHA1 hash and data size.

Short answer: sure it's possible, but it's VERY improbable and impractical for this to be used as a method to poison swarms.


Just to clarify: when we say that it's "possible but improbable" to forge a piece matching a pre-existing SHA1 hash (called a pre-image attack as opposed to a birthday collision attack) that means it's technically possible to create one, but it takes longer than the lifetime of the universe on average.

What the anti-p2p companies are doing is simply releasing fake torrents with useless data in the first place (with appropriate hashes for the fake data) to spam torrent indexing sites and then send fake data out to normal torrents in the hope that it'll take quite some time until the client identifies which peer has sent the fake data.

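The per-piece hash check that rejects same-length fake data, and why pinning it on one peer takes several failed pieces, shown as an added example that is not part of the original thread. The piece and block sizes, peer names and block schedule are constructed for the demo; the `pieces` layout (concatenated 20-byte SHA-1 digests) follows the torrent metainfo format.

```python
import hashlib
from collections import Counter

PIECE_LEN = 32 * 1024   # constructed piece size for the demo
BLOCK_LEN = 16 * 1024   # a piece is fetched as blocks, possibly from different peers

def piece_hashes(content: bytes) -> bytes:
    """Concatenated 20-byte SHA-1 digests, as stored in a torrent's `pieces` field."""
    return b"".join(hashlib.sha1(content[i:i + PIECE_LEN]).digest()
                    for i in range(0, len(content), PIECE_LEN))

def verify_piece(index: int, piece: bytes, pieces: bytes) -> bool:
    """Accept a piece only if its SHA-1 equals the digest published in the metainfo."""
    expected = pieces[index * 20:(index + 1) * 20]
    return hashlib.sha1(piece).digest() == expected

def download(content: bytes, pieces: bytes, schedule, poisoner: str):
    """Assemble each piece from its blocks and count failed pieces per contributing peer.

    schedule: per piece, the peer names supplying its blocks (hypothetical names).
    poisoner: the peer that returns same-length garbage instead of the real block.
    """
    suspects, accepted = Counter(), []
    for index, peers in enumerate(schedule):
        start = index * PIECE_LEN
        blocks = []
        for b, peer in enumerate(peers):
            real = content[start + b * BLOCK_LEN:start + (b + 1) * BLOCK_LEN]
            blocks.append(bytes(len(real)) if peer == poisoner else real)
        ok = verify_piece(index, b"".join(blocks), pieces)
        accepted.append(ok)
        if not ok:
            # The digest covers the whole piece, so a failure implicates every
            # peer that contributed a block; repeated failures narrow it down.
            suspects.update(set(peers))
    return accepted, suspects

if __name__ == "__main__":
    content = bytes(range(256)) * 384   # constructed 96 KiB payload (3 pieces)
    ok, suspects = download(content, piece_hashes(content),
                            [["A", "M"], ["B", "C"], ["M", "C"]], poisoner="M")
    print(ok, suspects.most_common())
```

After one bad piece the honest co-contributor is as suspect as the poisoner; only the second failure separates them, which is the delay the post above describes.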

  • 1 year later...

They've got attacks on SHA-1 down to 2^35 (34.4 billion) operations to find partial collisions, so it's possible to find collisions in reasonable amounts of time (still fairly large) with very large supercomputers or distributed networks at this time. The problem is, I'm not sure that helps much if you want to find a collision of the same *length*.

Nevertheless, the performance of HPC is increasing at a rate far exceeding Moore's law due to the introduction of new paradigms like the GPGPU. You can throw together an amazingly powerful supercomputer for a lot less than you used to be able to by spending a few million and getting some racks of nVidia Tesla S1070 units.

However, the sort of power you'd need to make any of this practical is likely to be out of reach of anti-piracy companies for a few years until either better attacks are found or cost-per-performance comes down. And there's still the length issue.

Anyhow, as with any mathematical problem, the unrelenting exponential rise of performance will eventually solve all problems like these. SHA-1 won't be safe forever, and BitTorrent will eventually have to migrate to a new hashing function. How many years that takes, I've no clue.


Archived

This topic is now archived and is closed to further replies.
