Hash Avalanche
Hash Avalanche
Edit the message to see the avalanche.
Why is CRC32 so easy to collide, and can real hashes be broken?
CRC32 is a checksum: it's great at catching accidental corruption, but it was never meant to stop an attacker, and its 32-bit output means a matching pair shows up after only ~2¹⁶–2¹⁷ tries (the birthday bound). Cryptographic hashes are meant to resist this, with much longer outputs and carefully designed mixing. Even so, researchers have broken older ones:
- MD5: Xiaoyun Wang and Hongbo Yu showed practical collisions in 2004.
- SHA-1: the SHAttered team (Marc Stevens, Elie Bursztein, Pierre Karpman, Ange Albertini, Yarik Markov) produced the first real SHA-1 collision in 2017, building on Stevens' earlier cryptanalysis.
Those attacks exploit structure in the algorithm to find collisions far faster than brute force. SHA-256 has resisted this so far.