
Minor problems? Isn't this a security issue? Somebody can modify a binary and still have it return the same hash and distribute it to people who think that they are receiving an authentic file. Is it even an option to keep going with SHA1? Even Git, for which this is less of an issue, has a plan for migrating to SHA2. https://git-scm.com/docs/hash-function-transition/



This isn't really true; sha1's weakness would require you to be the creator of the torrent, and if you are, you can just make the binary malicious to begin with.


The issue is that you can change it later on, after people have reviewed your torrent, breaking the immutability property of BitTorrent.


> sha1's weakness would require you to be the creator of the torrent

Huh, why?


I'm not an expert here, but I'm thinking about it like this:

Creating a SHA-1 collision is doable, but it's still hard. If you want to serve someone a malicious piece of data, that's already one hash of the two colliding hashes that you've used up. Now you have to create harmless or "benevolent" data that collides with the hash of your malicious data so that you can create a positive reputation for your file from users who aren't your targets. That way, when your target inevitably goes to download the file, you wrestle into the protocol with a lot of speed and/or nodes, and you serve the malicious data to your target instead of the data you've been serving to everyone else.

If you don't need the positive reputation, and someone will just download and run whatever you put in the torrent, you don't need the collision in the first place.


It sounds like the perfect scenario for movie companies to target pirates.


If you feel like using centuries of computer time per torrent that nobody will download.


Because you can create two hashes that match, but you cannot create a hash that matches an arbitrary hash you do not control.

That is a much more serious weakness called a "second pre-image attack".


So, as I understand, that's expected to happen in the foreseeable future. Otherwise, why switch from SHA1 if you can't create a collision with unaltered data?


It is not expected to happen in the foreseeable future; MD5, for instance, hasn't been broken in a second pre-image way, more than a decade after it was known to be weak.

This class of attacks is MUCH harder to construct against a cryptographic hash.


Then, why did BitTorrent work on such a costly change if it's not vulnerable to it?


For the purpose of operating a bait and switch on the files, the torrent creator controls the two hashes somewhat, so it's an easier attack to pull off.


If you have control over the bait, I don't understand the reason to switch at all. Just make the bait evil and be done with it?
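The bait-and-switch the thread is debating, worked through with a toy hash as an added example (not from any commenter): SHA-1 truncated to 16 bits stands in for the real function so a collision search finishes instantly, and a hybrid verifier that also checks SHA-256 shows why a second hash defeats the swap. The block prefixes, the "outsider" second-preimage search and the verifier are assumptions for illustration.

```python
import hashlib
from itertools import count

# Toy stand-in for SHA-1: the real digest truncated to 16 bits, so that both a
# birthday (collision) search and a second-preimage search finish offline.
TOY_BITS = 16

def toy_sha1(data: bytes) -> int:
    return int.from_bytes(hashlib.sha1(data).digest()[:TOY_BITS // 8], "big")

def find_collision(benign_prefix: bytes, evil_prefix: bytes):
    """Birthday search by a torrent *creator* who controls both blocks: grow two
    candidate tables until a benign block and an evil block share a toy hash.
    Returns (benign, evil, trials); expected cost is about 2**(TOY_BITS/2)."""
    seen_benign, seen_evil = {}, {}
    for i in count():
        b = benign_prefix + i.to_bytes(4, "big")
        e = evil_prefix + i.to_bytes(4, "big")
        hb, he = toy_sha1(b), toy_sha1(e)
        seen_benign[hb], seen_evil[he] = b, e
        if hb in seen_evil:
            return b, seen_evil[hb], 2 * (i + 1)
        if he in seen_benign:
            return seen_benign[he], e, 2 * (i + 1)

def find_second_preimage(target: bytes, prefix: bytes, budget: int):
    """Brute force by an outsider who does NOT control the target block: there is
    no birthday structure to exploit, so expected cost is about 2**TOY_BITS.
    Returns (matching block or None, trials used)."""
    want = toy_sha1(target)
    for i in range(budget):
        cand = prefix + i.to_bytes(4, "big")
        if cand != target and toy_sha1(cand) == want:
            return cand, i + 1
    return None, budget

def verify_piece(piece: bytes, expected_v1: int, expected_v2: bytes) -> bool:
    """Hybrid check (assumed verifier): the piece must match the legacy toy
    SHA-1 hash AND a SHA-256 hash, so a colliding swap no longer passes."""
    return toy_sha1(piece) == expected_v1 and hashlib.sha256(piece).digest() == expected_v2

def demo() -> dict:
    benign, evil, col_trials = find_collision(b"installer:", b"installer-backdoored:")
    v1, v2 = toy_sha1(benign), hashlib.sha256(benign).digest()  # published after review
    return {
        "collision_trials": col_trials,
        "evil_passes_v1_only": toy_sha1(evil) == v1 and not verify_piece(evil, v1, v2),
        "benign_passes_hybrid": verify_piece(benign, v1, v2),
        "second_preimage_trials": find_second_preimage(benign, b"outsider:", 1 << 18)[1],
    }

if __name__ == "__main__":
    print(demo())
```

The creator's collision costs a few hundred trials while the outsider's second-preimage search costs on the order of 2**16, and only the hybrid check rejects the swapped block.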



