Most hash functions are 256 bit (they’re symmetric functions, they don’t need more in most cases).
There are arbitrary length functions (called XOF instead of hash) which built similarly (used when you need to generate longer random looking outputs).
Other than that, yeah, math shows you don’t need to change more data in the file than the length of the hash function internal state or output length (whichever is less) to create a collision. The reason they’re still secure is because it’s still extremely difficult to reverse the function or bruteforce 2^256 possible inputs.
ReveredOxygen@sh.itjust.works 10 months ago
Yeah I was using a high length at first because even if you overestimate, that’s still a lot. I did 512 for the second because I don’t know a ton about cryptography but that’s the largest SHA output