Update for BitTorrent Protocol Specification v2

[paxter]

Would be nice, if this tool would be updated with the latest BitTorrent Protocol Specification v2 described here: http://bittorrent.org/beps/bep_0052.html
Especially the part with stronger hash functions (SHA2-256) would be nice.

[maddovr]

https://blog.libtorrent.org/2020/09/bittorrent-v2/

[sbrudenell]

SHA-1 chosen-prefix attacks are now in the USD 10k-100k range. This presents a very real threat, for example against bittorrent-distributed software that might be used by dissidents or whistleblowers.

BitTorrent v2 should be high priority now.

[pobrn]

BitTorrent v2 and hybrid torrent file generation is being implemented at the moment.

[Rudde]

@sbrudenell What potential attack vector do you see could be used against a torrent file, or its usage?

[sbrudenell]

@sbrudenell What potential attack vector do you see could be used against a torrent file, or its usage?

I admit I don't have a specific vector in mind, but sha1 is used in many places in the torrent protocol so it's hard to convince myself there are no attacks.

[paxter]

https://www.bleepingcomputer.com/news/security/sha1-collision-attack-can-serve-backdoored-torrents-to-track-down-pirates/

[paxter]

Anything new? Looks like the "moment" takes a lot of time. :D

[zero77]

If you are looking to create V2 or hybrid torrent this may be of interest:
https://github.com/alexpdev/torrentfile-legacy

[predb]

If you are looking to create V2 or hybrid torrent this may be of interest:如果您想创建 V2 或混合种子，您可能会对此感兴趣： https://github.com/alexpdev/torrentfile-legacy

@zero77 thank you, do you know is there any other command line tools for creating new torrent besides this?

[zero77]

@predb
That's the only one i am aware of but, i haven't checked to see if any torrent clients can do this from command line, maby libtorrent.

[ceed0]

https://github.com/fbdtemme/torrenttools supports V2 torrents, it hasn't been updated for some time too, but it works.

Also you can find other tools in the comparsion graph there.

[jerryfreak]

https://github.com/fbdtemme/torrenttools supports V2 torrents, it hasn't been updated for some time too, but it works.

Also you can find other tools in the comparsion graph there.

i cant find a build for ubuntu jammy and trying to compile from source didnt work for me. i was able to use appimage tho.

how does one use the "similar torrents" switch? my application is to update an existing torrent fileset with new version with edited/appended files. how would one do that efficiently

[pobrn]

how does one use the "similar torrents" switch?

As far as I can see the --similar and --collection options of torrenttools are supposed to implement BEP38.

---

In any case, please note that torrenttools sometimes does not seem to generate correct v2 or hybrid files.