SHA-256 Hash Collision

From https://docs.syncthing.net/dev/device-ids.html#an-aside-about-collisions

The SHA-256 hash is cryptographically collision resistant. This means that there is no way that we know of to create two different messages with the same hash.

You can argue that of course there are collisions - there’s an infinite amount of inputs and a finite amount of outputs - so by definition there are infinitely many messages that result in the same hash.

I’m going to quote stack overflow here:

The usual answer goes thus: what is the probability that a rogue asteroid crashes on Earth within the next second, obliterating civilization-as-we- know-it, and killing off a few billion people ? It can be argued that any unlucky event with a probability lower than that is not actually very important.

If we have a “perfect” hash function with output size n, and we have p messages to hash (individual message length is not important), then probability of collision is about p2/2n+1 (this is an approximation which is valid for “small” p, i.e. substantially smaller than 2n/2). For instance, with SHA-256 (n=256) and one billion messages (p=10⁹) then the probability is about 4.3*10^-60.

A mass-murderer space rock happens about once every 30 million years on average. This leads to a probability of such an event occurring in the next second to about 10^-15. That’s 45 orders of magnitude more probable than the SHA-256 collision. Briefly stated, if you find SHA-256 collisions scary then your priorities are wrong.