[Octoth0rpe]

Could someone explain the differences between these two points? They seem identical to me.

> [The hash function] also should be second-preimage resistant: For a given message M1, it must be virtually impossible to find a second message M2 where M1 != M2 that produces the same hash hash(M1) == hash(M2).

> These functions should be also collision resistant: it must be virtually impossible to find two messages M1 and M2 where hash(M1) == hash(M2).

[Paedor]

The second objective is easier than the first. It may be easier to find any M1 and M2 that collide, than to find an M2 that collides with a specific M1.

[coldpie]

The difference is "for a given message M1". In the 2nd requirement, you may choose both M1 and M2. For the 1st requirement, you are given M1 and must find M2.

[amluto]

Collision resistance implies second-preimage resistance, but second-preimage resistance does not imply collision resistance.

Some care is needed with the definitions. For any hash function, the adversary can compute a bunch of hashes, and those outputs obviously have known first preimages. And a hash function with a known collision has a known second preimage given one of the colliding inputs.