> I know of no single incident of SHA-256 or SHA-3 having collisions successfully generated.
That's fine, I don't expect you to believe me without evidence. But I have seen this happen more than once in my work.
> you are relying on someone having selected a weak password
Stated another way, you are relying on having some idea of what the original data looked like, so you can reduce the search space. Absolutely correct.
However, if you're hashing public records like real estate, where you literally have the clear text, that's a much simpler problem than cracking passwords. All you need to do is alter the document in the way that you want, then find what other changes are needed to create a collision with the original hash. This is not very computationally intensive compared to password cracking.
Add in that the amount of money on the line with real estate can be high enough that it would make it worth throwing serious resources at it -- more than the average password cracker could even begin to summon -- and my confidence in the security of the hashes is greatly reduced.
That's fine, I don't expect you to believe me without evidence. But I have seen this happen more than once in my work.
> you are relying on someone having selected a weak password
Stated another way, you are relying on having some idea of what the original data looked like, so you can reduce the search space. Absolutely correct.
However, if you're hashing public records like real estate, where you literally have the clear text, that's a much simpler problem than cracking passwords. All you need to do is alter the document in the way that you want, then find what other changes are needed to create a collision with the original hash. This is not very computationally intensive compared to password cracking.
Add in that the amount of money on the line with real estate can be high enough that it would make it worth throwing serious resources at it -- more than the average password cracker could even begin to summon -- and my confidence in the security of the hashes is greatly reduced.
Here's an interesting general overview of the problem: https://medium.com/asecuritysite-when-bob-met-alice/can-i-cr...