This is likely a low probability issue, however if there are authentication systems that store encrypted password with the same hashing algorithm used by IPFS, then it would be possible to populated a multitude of IPFS document, one for each password combination, thus providing a hash lookup table for malicious agents to reverse look up passwords if they know the hash.
I have not looked at depth into the algorithms being used, but I assume there is a low probability this would be a viable exploit.
Another considerations is that as IPFS content grows, it could be used as training data for AI to discover a currently unknown pattern to the hashing algorithm in use. Thus enabling future exploits for security systems which depend on the same cryptographic algorithms.
I’m sure brighter more knowledgeable persons than I have already considered and addressed these issue in the IPFS implementation. But I thought I would point them out incase this is of value to anyone.
Content in IPFS isn’t usually addressed by its plain SHA-256 hash; there’s usually metadata included with each block that affects the final identifier. It seems really unlikely for there to be real passwords that include the kinds of metadata that wraps IPFS blocks.
The default hashing algorithm used with IPFS is the same as what’s used by Bitcoin: SHA-256. Do you believe this also applies to Bitcoin?