Hash Avalanche

Hash Avalanche

Edit the message to see the avalanche.

Why is CRC32 so easy to collide, and can real hashes be broken?

CRC32 is a checksum: it's great at catching accidental corruption, but it was never meant to stop an attacker, and its 32-bit output means a matching pair shows up after only ~2¹⁶–2¹⁷ tries (the birthday bound). Cryptographic hashes are meant to resist this, with much longer outputs and carefully designed mixing. Even so, researchers have broken older ones:

  • MD5: Xiaoyun Wang and Hongbo Yu showed practical collisions in 2004.
  • SHA-1: the SHAttered team (Marc Stevens, Elie Bursztein, Pierre Karpman, Ange Albertini, Yarik Markov) produced the first real SHA-1 collision in 2017, building on Stevens' earlier cryptanalysis.

Those attacks exploit structure in the algorithm to find collisions far faster than brute force. SHA-256 has resisted this so far.