So far we didn't list the known exploit schemes. But since I started evaluating and listing Bad Seeds #99, we could as well list all known exploits, e.g. BadKeys which will always lead to collisions.

• o1hash:
  with binary keys: if key len>=4 and key[len/2 -2]..[len/2 +2] (the middle) being 0.
  eg { '\0\0\0\0', 'x\0\0\0\0x' }
  with text keys: if len >=4 and the first 4 bytes + the last 4 bytes == 0

• FNV1 variants with binary keys, just add \0's

• HalfSiphash: ...

• City all 144-byte strings with 3 bits set CityHash128 isn't thorough enough google/cityhash#4

• Murmur http://emboss.github.io/blog/2012/12/14/breaking-murmur-hash-flooding-dos-reloaded/

• JenkinsOAAT: with binary keys, just add \0's

• fasthash: expose the seed by using len=0 keys, the seed is then the reverse of the simple mix function.

• md5 https://eprint.iacr.org/2013/170.pdf

• sha1 https://marc-stevens.nl/research/papers/PhD%20Thesis%20Marc%20Stevens%20-%20Attacks%20on%20Hash%20Functions%20and%20Applications.pdf