Hash collision
A hash collision occurs when two different inputs produce the same hash digest.
Definition
A hash collision happens when two distinct inputs produce the same digest under the same hash function. Collisions must exist for any fixed-size hash because there are more possible inputs than outputs, but a secure hash makes them computationally infeasible to find.
Collision resistance matters when a digest is used to identify content, sign documents, compare files, or protect integrity against an attacker.
Collision resistance
For an ideal n-bit hash, a generic collision search costs about 2^(n/2) work because of the birthday bound. This is different from preimage resistance, where the goal is to find an input for one specific digest and the generic cost is about 2^n.
MD5 and SHA-1 have practical collision attacks and should not be used for new security-sensitive designs. SHA-256, SHA-512, SHA-3, and BLAKE2 are modern choices when used in the right construction.
What a collision does not mean
A collision attack does not decrypt a hash or reveal the original message. It shows that an attacker can create two different inputs with the same digest, which can break signatures, certificates, or content identifiers that rely on uniqueness.
HMAC security does not depend on collision resistance alone in the same way as plain signatures over a digest, but protocols should still choose current hash functions and follow their specifications.
No. Collisions are mathematically unavoidable, but a well-designed hash makes finding useful collisions impractical.
No. Reversal tries to find an input for a given digest; a collision finds two different inputs with the same digest.
Both have practical collision attacks, so attackers can create different inputs that share a digest in scenarios where collision resistance matters.