Support for BitTorrent v2 in our Torrents

Migration steps

• Decide whether all this is worth the effort vs. Remove support for BitTorrent download (#19275 - closed)
• Wait for common BitTorrent clients to support hybrid (v1 + v2) Torrents
  • Transmission 4 in Debian stable (mid-2025)
  • Transmission 4 in Ubuntu LTS (April 2026)
  • Identify common BitTorrent clients on Windows
  • Identify common BitTorrent clients on macOS
• Figure out how to mitigate the UX regression: the current tiny "or download using BitTorrent" text on the installation instructions may not be sufficient anymore: we might want to suggest some BitTorrent clients that will work.
• Find a CLI tool in Debian that we can use to generate hybrid Torrents
• Ensure the trackers we use support hybrid Torrents
• Update our release process to create hybrid Torrents

Original report

I'd like to request that the installer torrents be compatible with BitTorrent v2.

The salient difference is that BitTorrent v2 uses SHA-256 for data verification, whereas the v1 specification uses SHA-1. It is possible to make v1/v2 backward-compatible .torrent files.

The v2 spec is fairly old and hasn't been widely supported in torrent clients, but support has increased recently since the cost of SHA-1 collision attacks has dropped.

A few sources say the cost of SHA-1 attacks is now in the USD 10k-100k range, which seems potentially relevant to tails users.