I will motivate the difference for you with attack scenarios.
In a first preimage attack, we ask an adversary, given only H(m), to find m or some m′ such that H(m′) = H(m). Suppose a website stores {username, H(password)} in its databases instead of {username, password}. The website can still verify the authenticity of the user by accepting their password and checking whether H(input) = H(password) (with probability of 1/2^n for some large n for false positives). Now suppose this database is leaked or is otherwise compromised. A first preimage attack is the situation where an adversary only has access to a message digest and is trying to generate a message that hashes to this value.
In a second preimage attack, we allow the adversary more information. Specifically, not only do we give him H(m) but also give him m. Consider the hash function H(m) = m^d mod pq, with parameters p, q and d. For m′ = mpq + m, H(mpq + m) = (mpq + m)^d mod pq = m^d mod pq. And so the adversary has found a collision with little to no computation.
We would like one-way hash functions to be resistant to second preimage attacks because of digital signature schemes, in which case H(document) is considered public information and is passed along (through a level of indirection) with every copy of the document. Here an attacker has access to both document and H(document). If the attacker can come up with a variation on the original document (or an entirely new message) d′ such that H(d′) = H(document), he could publish his document as though he were the original signer.
A collision attack allows the adversary even more opportunity. In this scheme, we ask the adversary (can I call him Bob?) to find any two messages m1 and m2 such that H(m1) = H(m2). Due to the pigeonhole principle and the birthday paradox, even 'perfect' hash functions are quadratically weaker to collision attacks than preimage attacks. In other words, given an unpredictable and irreversible message digest function f: {0,1}* → {0,1}^n which takes O(2^n) time to brute force, a collision can always be found in expected time O(sqrt(2^n)) = O(2^(n/2)).
Bob can use a collision attack to his advantage in many ways. Here is one of the simplest: Bob finds a collision between two binaries b and b′ (H(b) = H(b′)) such that b is a valid Microsoft Windows security patch and b′ is malware. (Bob works for Windows). Bob sends his security patch up the chain of command, where behind a vault they sign the code and ship the binary to Windows users around the world to fix a flaw. Bob can now contact and infect all Windows computers around the world with b′ and the signature that Microsoft computed for b. Beyond these sorts of attack scenarios, if a hash function is believed to be collision resistant, that hash function is also more likely to be preimage resistant.
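
The cost gap between the attacks above can be measured on a toy digest. The following Python is an added example, not part of the original text: it assumes SHA-256 truncated to 16 bits as a stand-in for an ideal n-bit hash, uses constructed counter messages, and also checks the m′ = mpq + m second preimage for H(m) = m^d mod pq with constructed small parameters.

```python
import hashlib
from itertools import count

def H(msg: bytes, n_bits: int) -> int:
    """SHA-256 truncated to its top n_bits (assumed stand-in for an ideal n-bit hash)."""
    digest = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return digest >> (256 - n_bits)

def find_collision(n_bits: int):
    """Birthday search: ANY two distinct messages with equal digests, ~2^(n/2) hashes."""
    seen = {}  # digest -> first message that produced it
    for trials in count(1):
        msg = b"a-%d" % trials  # constructed, distinct per trial
        d = H(msg, n_bits)
        if d in seen:
            return seen[d], msg, trials
        seen[d] = msg

def find_second_preimage(target_msg: bytes, n_bits: int):
    """Brute force: a different message matching ONE fixed digest, ~2^n hashes."""
    target = H(target_msg, n_bits)
    for trials in count(1):
        msg = b"b-%d" % trials
        if msg != target_msg and H(msg, n_bits) == target:
            return msg, trials

def toy_rsa_hash(m: int, d: int, p: int, q: int) -> int:
    """The hash from the text: H(m) = m^d mod pq."""
    return pow(m, d, p * q)

def toy_second_preimage(m: int, p: int, q: int) -> int:
    """m' = m*pq + m is congruent to m mod pq, so it hashes identically (m > 0)."""
    return m * p * q + m

if __name__ == "__main__":
    N = 16  # constructed toy digest size; real digests use n >= 256
    m1, m2, c_trials = find_collision(N)
    m_prime, s_trials = find_second_preimage(b"signed document", N)
    print(f"collision {m1!r} / {m2!r} after {c_trials} hashes (2^(n/2) = {2 ** (N // 2)})")
    print(f"second preimage {m_prime!r} after {s_trials} hashes (2^n = {2 ** N})")
```

The practical consequence for choosing a digest is that an n-bit output gives only about n/2 bits of collision resistance, which is why signature schemes need digests twice as long as the target security level.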