Xxhash Vs Md5

Collisions can be crafted in seconds on a laptop (e.g., two different executable files with same MD5 hash, first demonstrated by Wang et al. in 2004, refined to practical attacks since). An attacker can produce two SSL certificates with different identities but identical MD5 hash — leading to catastrophic trust violations.

Given non-adversarial data (e.g., system logs, genomic reads, file chunks), the probability of an accidental collision is very low — for xxh64 (2^64 space), you’d expect a collision after ~2^32 ≈ 4 billion items (Birthday paradox). That is adequate for most non-security applications. However, an attacker can deliberately construct inputs that collide with xxHash in seconds because the mixing function is not collision-hardened. xxhash vs md5