Glossary
Birthday Attack
A birthday attack uses probability to find hash collisions in about 2^(n/2) tries instead of 2^n — why a 256-bit hash gives only ~128-bit collision security.
A birthday attack is a generic method for finding hash collisions that is far faster than brute force. It takes its name from the birthday paradox: in a room of just 23 people, there is a better-than-even chance two share a birthday, because the number of pairs grows quadratically.
Applied to an n-bit hash, an attacker who computes about 2^(n/2) digests has a good chance that two of them collide — rather than the 2^n work needed to hit one specific target. This square-root speedup is why:
- Collision resistance for an
n-bit hash is only aboutn/2bits. - A 256-bit hash like SHA-256 targets ~128-bit collision security, which is why 256-bit outputs are the modern baseline.
The birthday bound is a property of all hash functions — it does not mean a function is broken. Practical breaks (MD5, SHA-1) are much faster still. See how cryptographic hashing works.