
You don't really need to talk to anybody about this except people who torrent both illegal and legal torrents.

Torrent poisoning is the most ripe for exploitation and the one with the highest return for a malicious attacker.

So when you talk to someone who torrents, just tell them that the way the torrents verify a file is the correct one is no longer secure, and they have to keep an eye out for the next software update. And if anyone is paranoid, then stop downloading new torrent files, although there is no problem with seeding.

Now that I think about it, I think it is crucial for everyone to keep seeding as much as they can, because it reduces the probability of a bad torrent chunk spreading as much across the network.

EDIT: Here's a good article that isn't very technical

https://www.wired.com/2017/02/common-cryptographic-tool-turn...



As has already been mentioned, the digest of a torrent's pieces is also checked.

Source: my own crappy implementation of a BitTorrent client, e.g.: https://github.com/charmeleon/BitClient/blob/master/src/conn...


Won't an easy fix be to just hash it again with sha256? Sure, that will take time to bake into software, but won't they just be able to put a text label next to the description and say "sha256: abc...123"?


Yes, but I doubt most would follow through.
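The two checks discussed in this thread, side by side, as an added example (not code from any commenter or from the linked client): the per-piece SHA-1 comparison a BitTorrent v1 client performs against the 20-byte digests in the `pieces` field, and the out-of-band SHA-256 label suggested above. The function names and the sample payload are assumptions constructed for illustration.

```python
import hashlib
import hmac

SHA1_LEN = 20  # BitTorrent v1 stores one 20-byte SHA-1 digest per piece


def make_pieces(payload, piece_length):
    """Build the concatenated per-piece SHA-1 digests (the v1 'pieces' value)."""
    return b"".join(
        hashlib.sha1(payload[i:i + piece_length]).digest()
        for i in range(0, len(payload), piece_length)
    )


def bad_pieces(payload, pieces, piece_length):
    """Return the indexes of pieces whose SHA-1 differs from the metadata."""
    if len(pieces) % SHA1_LEN:
        raise ValueError("pieces field is not a multiple of 20 bytes")
    expected = [pieces[i:i + SHA1_LEN] for i in range(0, len(pieces), SHA1_LEN)]
    actual_count = -(-len(payload) // piece_length)  # ceiling division
    if actual_count != len(expected):
        raise ValueError("payload length does not match the piece count")
    mismatched = []
    for idx, want in enumerate(expected):
        chunk = payload[idx * piece_length:(idx + 1) * piece_length]
        if not hmac.compare_digest(hashlib.sha1(chunk).digest(), want):
            mismatched.append(idx)
    return mismatched


def verify(payload, pieces, piece_length, published_sha256_hex):
    """Run both checks: in-protocol SHA-1 pieces and the published SHA-256."""
    got = hashlib.sha256(payload).hexdigest()
    want = published_sha256_hex.strip().lower()
    return {
        "bad_pieces": bad_pieces(payload, pieces, piece_length),
        "sha256_ok": hmac.compare_digest(got, want),
    }


# Constructed sample data: 2560 bytes split into pieces of 1024, 1024 and 512.
ORIGINAL = bytes(range(256)) * 10
PIECE_LENGTH = 1024
PIECES = make_pieces(ORIGINAL, PIECE_LENGTH)
PUBLISHED_SHA256 = hashlib.sha256(ORIGINAL).hexdigest()  # the "text label"

if __name__ == "__main__":
    print(verify(ORIGINAL, PIECES, PIECE_LENGTH, PUBLISHED_SHA256))
```

The SHA-256 label only helps if it is obtained from a source the downloader trusts independently of the torrent metadata, and only if the downloader actually compares it.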



