One of the key features of the libtorrent project, which has just released libtorrent-2.0, is support for the BitTorrent v2 protocol. A major change from previous versions of BitTorrent v2 is that its hash function replaces SHA-1 with SHA-256 because SHA-1 is no longer secure.
Google announced its first successful collision attack on the SHA-1 hash algorithm in 2017. A collision attack is when two different messages produce the same hash value.
In Google’s study, the amount of computation required for an attack was staggering, but earlier this year researchers reduced the cost of the attack to $45,000, which will be lower in the future.
The hash length of the SHA-256 increased from 20 bytes to 32 bytes. To ensure compatibility, sha-256 info-hash remains at 20 bytes in length.
BitTorrent 2.0 is not compatible with the old protocol, but libtorrent 2.0 can handle both the old protocol and the new protocol, although the old client cannot access the seeds created by the new protocol. To help BT clients transition to BitTorrent 2.0, libtorrent 2.0 introduces a scenario called hybrid torrents.