In this paper, we present a pseudo-collision attack on the compression function of all Twister variants (224,256,384,512) with complexity of about 226.5 compression function evaluations. We show how the compression function attack can be extended to construct collisions for Twister-512 slightly faster than brute force search. Furthermore, we present a second-preimage attack for Twister-512 with complexity of about 2448 compression function evaluations and memory requirement of 264 1 Description of Twister The hash function Twister is an iterated hash function based on the Merkle-Damg˚ard design principle. It processes message blocks of 512 bits and produces a hash value of 224, 256, 384, or 512 bits. If the message length is not a multiple of 512, an unambiguous padding method is applied. For the description of the padding method we refer to [1]. Let m = m1 m2 · · · mt be a t-block message (after padding). The hash value h = H(m) is computed as follows: H0 = IV Hi = f(Hi−1, Mi) f...