RSA Security as early as 1996 was recommending against MD5 in situations where collision-resistance was important, because research had started to show weaknesses in its family of hashes. [1]
BitTorrent does use SHA1 (last I checked -- it's been a while). Recently, SHA1 has been shown to have problems, indicating that its collision-resistance isn't as strong as its design target, and might yield to demonstrated collisions soon. [2]
So BitTorrent may want to plan for a transition to new hashes sometime in the next couple of years. Possibilities for a next-few-decades hash could include SHA256/SHA384/SHA512, Whirlpool, or the to-be-determined winner of the upcoming NIST hash competition (like the one that chose AES). [3]
RSA Security as early as 1996 was recommending against MD5 in situations where collision-resistance was important, because research had started to show weaknesses in its family of hashes. [1]
BitTorrent does use SHA1 (last I checked -- it's been a while). Recently, SHA1 has been shown to have problems, indicating that its collision-resistance isn't as strong as its design target, and might yield to demonstrated collisions soon. [2]
So BitTorrent may want to plan for a transition to new hashes sometime in the next couple of years. Possibilities for a next-few-decades hash could include SHA256/SHA384/SHA512, Whirlpool, or the to-be-determined winner of the upcoming NIST hash competition (like the one that chose AES). [3]
[1] ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto2n2.pdf
[2] http://www.educatedguesswork.org/movabletype/archives/2007/0...
[3] http://csrc.nist.gov/groups/ST/hash/index.html