I’m struggling to get a clear understanding of second preimage resistance and collision resistance.
Research on the internet yielded the following definitions:
Second pre-image resistance
Given an input m1, it should be difficult to find a different input m2 such that hash(m1) = hash(m2). Functions that lack this property are vulnerable to second-preimage attacks.
It should be difficult to find two different messages m1 and m2 such that hash(m1) = hash(m2). Such a pair is called a cryptographic hash collision. This property is sometimes referred to as strong collision resistance. It requires a hash value at least twice as long as that required for pre-image resistance; otherwise collisions may be found by a birthday attack.
As far as I understand, every collision resistant hash function is also second pre-image resistant.
I don’t understand why collision resistance is harder to achieve, given that input m1 of second pre-image resistance could still be theoretically any input in the domain of the hash function.