> To do that, wouldn't you need to construct a file that simultaneously had two collisons for the same file: one collision for the torrent sha1, and one for the hash of the torrent (the magnet uri)?
No.
The magnet URI only contains the hash of (part of) the torrent file. The portion that is hashed is extensible, so one could introduce additional content (like garbage or comments).
> I think the RIAA would be very interested if it was that easy to create fake torrents that hash the same.
Easy is subjective. It costs around £150k and a month to make one[1].
However I asked them, and they aren't. Or at least the MPAA isn't.
No.
The magnet URI only contains the hash of (part of) the torrent file. The portion that is hashed is extensible, so one could introduce additional content (like garbage or comments).
> I think the RIAA would be very interested if it was that easy to create fake torrents that hash the same.
Easy is subjective. It costs around £150k and a month to make one[1].
However I asked them, and they aren't. Or at least the MPAA isn't.
[1]: https://sites.google.com/site/itstheshappening/