
The "anonymous ether" isn't dangerous if you have some way of verifying what they're sending you, and with bittorrent, you do, since you request the content using its hash.


Bittorrent hashes are susceptible to collision attacks.


Collision attacks are not really a problem, since they only happen when the attacker gets to specify the hash, which wouldn't be the case here.

Generating a file that hashes to an existing hash is called a Preimage attack, and SHA-1 (the algorithm used by bittorrent) isn't, for now and as far as we know, vulnerable to any.


SHA1 is vulnerable to it, but you're right that I've drastically overestimated the practicality of a preimage attack. Thanks for the correction :)


Why do you say that SHA1 is vulnerable to second preimage attacks? Zero have been found.


Because anything that's vulnerable to collision attacks is theoretically vulnerable to preimage attacks. Where I went wrong was assuming that preimage attacks were practical, but as you've rightly said, there have been no known exploits because of their extreme difficulty.

So it's one of those situations where everyone was right: it's so impractical to exploit that it's as good as not vulnerable even though it's mathematically possible.


Git and bittorrent use exactly the same hash format (sha1); bittorrent is no more susceptible than Git.


They use hashes for different features though. I.e., you don't pull chunks anonymously with git.
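An added example, not part of the thread: the verification the first comment relies on, sketched for a single-file BitTorrent v1 torrent. The infohash is the SHA-1 of the bencoded info dict, and that dict carries one SHA-1 per piece, so a piece from an unknown peer is accepted only if it hashes to the expected value. The function names and the sample data are constructed for illustration.

```python
import hashlib
import hmac

def bencode(obj):
    """Minimal bencode encoder: ints, byte strings, lists, dicts."""
    if isinstance(obj, int):
        return b"i%de" % obj
    if isinstance(obj, str):
        obj = obj.encode()
    if isinstance(obj, bytes):
        return b"%d:%s" % (len(obj), obj)
    if isinstance(obj, list):
        return b"l" + b"".join(map(bencode, obj)) + b"e"
    if isinstance(obj, dict):
        # Keys are sorted as raw bytes so every client derives the same infohash.
        items = sorted((k.encode(), v) for k, v in obj.items())
        return b"d" + b"".join(bencode(k) + bencode(v) for k, v in items) + b"e"
    raise TypeError(f"cannot bencode {type(obj).__name__}")

def make_info(name, data, piece_length):
    """Build a single-file v1 info dict; 'pieces' is the concatenated SHA-1s."""
    pieces = b"".join(hashlib.sha1(data[i:i + piece_length]).digest()
                      for i in range(0, len(data), piece_length))
    return {"name": name, "length": len(data),
            "piece length": piece_length, "pieces": pieces}

def infohash(info):
    """The identifier a downloader asks for: SHA-1 over the bencoded info dict."""
    return hashlib.sha1(bencode(info)).hexdigest()

def verify_piece(info, index, payload):
    """Accept a piece from an untrusted peer only if its SHA-1 matches."""
    if index < 0:
        return False  # a negative index would slice from the end of 'pieces'
    expected = info["pieces"][index * 20:(index + 1) * 20]
    if len(expected) != 20:
        return False  # index past the last piece
    return hmac.compare_digest(hashlib.sha1(payload).digest(), expected)

if __name__ == "__main__":
    data = b"constructed sample content " * 100   # constructed input, 2700 bytes
    info = make_info("sample.bin", data, 1024)
    good = data[1024:2048]
    tampered = b"X" + good[1:]                     # one byte changed by a peer
    print("infohash:", infohash(info))
    print("good piece accepted:", verify_piece(info, 1, good))
    print("tampered piece accepted:", verify_piece(info, 1, tampered))
```

To get a substituted piece accepted, a peer would need different data with the same SHA-1 as a piece it did not choose, which is the second-preimage case discussed above rather than a collision.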



