Glossary
Hash Collision
A hash collision is when two different inputs produce the same hash output. Secure hash functions make finding one computationally infeasible.
A hash collision occurs when two distinct inputs produce the same digest: H(a) = H(b) with a ≠ b. Because a hash maps arbitrarily large inputs onto a fixed-size output, collisions must exist by the pigeonhole principle — the security question is whether anyone can find one.
For an ideal n-bit hash, finding a collision should take about 2^(n/2) work thanks to the birthday attack. That is why output size matters: a 256-bit hash targets ~128-bit collision security.
MD5 and SHA-1 are considered broken precisely because real collisions can be produced cheaply — see MD5 explained and SHA-1 explained. SHA-256, SHA-3, and BLAKE3 have no known practical collisions.
Collisions are dangerous wherever a digest stands in for data: digital signatures, TLS certificates, and deduplication. To understand the property that prevents them, read how cryptographic hashing works, or generate and compare hashes in your browser.