If I had a hash function outputting a 256 bit hash, would there be any discernible difference comparing the last 50 bits of 2 hashes versus comparing the first 50 bits?
I guess what I am trying to say is can you have 2 hashes that finish with the same 50 bits yet have the first 206 bits different? (Assuming we are using Merkle-Damgård setup)
My gut says it shouldn't be any different because theoretically a hash should use all possibilities of hash values with equal randomness.
If I had a hash function outputting a 256 bit hash, would there be any discernible difference comparing the last 50 bits of 2 hashes versus comparing the first 50 bits?
No, not for a correctly constructed cryptographic hash function.
My gut says it shouldn't be any different because theoretically a hash should use all possibilities of hash values with equal randomness.
That is correct.
I guess what I am trying to say is can you have 2 hashes that finish with the same 50 bits yet have the first 206 bits different? (Assuming we are using Merkle-Damgård setup)
Yes, absolutely. There is always a possibility of two hashes matching by pure chance, but by checking only 50 bits instead of the full hash, you are increasing that probability significantly.
Checking only 50 bits of a 256-bit hash is essentially the same as checking all of a 50-bit hash (whichever 50 bits you choose). And as SEJPM is stating in their comment, the probability of two hashes of this size matching by chance is about one in $2^{25}$ (i.e. much higher than one in $2^{50}$) because of the birthday paradox. As user Meir Maor rightly pointed out, the birthday paradox does not apply here.
This answer to the similar question "Should I use the first or last bits from a SHA-256 hash?" might be of interest to you.
