What if a hacker creates a fake file with exact same hash value as original content? How does IPFS work to detect whether it's the right file or not?


As I am new to NFTs, I’ve learned that the actual NFT digital content is stored in IPFS.
I’ve also learend that IPFS is safe because it uses HASH that if there’s one little change, the HASH value changes.

However, as there were many attempts in Blockchain as well, there are hackers who manipulate the time stamp and create the exact same HASH value with wrong file.

So, when that exact HASH with wrong file is distributed, how can IPFS detect which one is the original and which one is wrong file?

Files do not have timestamp metadata in IPFS

In the Bitcoin case, it was a design bug: an important information (the date), what not included in the data to hash, so it could be forged. In the Bitcoin protocol, being able to forge the date was a vector for attack. In IPFS, the metadata is not included and not transmited. It is up to the client to create them, or obtain them by another mean. If you “wrap” your file in a directory, you may be able to transfer the metadata. But now it is the hash of the directory and the files inside, so the metadata are protected.

In short, all informtions that are transmited via IPFS or published to it are protected. An “IPFS hash” (aka a CID), maps to a precise string of byte, so IPFS is not affected by Bitcoin’s problem. (And to be clear, the Bitcoin problem wasn’t that there was an alternative file created with the same hash which is impossible, it was that some important data wasn’t covered by the hash and hence were forgeable)

If a hacker can create a file that has the exact same hash value as the “original” one, the hacker has either recreated the original file or found a hash collision.