Hash Collision

Two different inputs producing the same hash output, which breaks the integrity guarantee of a cryptographic hash function.

A hash collision is when two different inputs hash to the same digest. For a cryptographic hash, collisions are guaranteed to exist (the input space is larger than the output space) but should be computationally infeasible to find. When researchers demonstrate practical collisions, the function is considered broken for signature use: MD5 collisions were published in 2004, SHA-1 collisions in 2017 (SHAttered), and both are now banned from TLS certificates and code signing. SHA-2 and SHA-3 families have no known practical collisions.

Reference

SHAttered SHA-1 collision

Related terms

Cryptographic Hash Function
SHA-256
MD5
SHA-1

Back to the full glossary