Question 98. What are pseudo-collisions?

Pseudo-collisions are collisions for the compression function (see Question 97) that lies at the heart of an iterative hash function. While collisions for the compression function of a hash function might be useful in constructing collisions for the hash function itself, this is not normally the case. While pseudo-collisions might be viewed as an unfortunate property of a hash function, a pseudo-collision is not equivalent to a collision, and the hash function can still be secure. MD5 (see Question 99) is an example of a hash function for which pseudo-collisions have been discovered and yet is still considered secure.