Wang et; recently found several collisions in some hash functions, such as MD4, MD5, Haval-128 and RIPEMD. These findings have significantly changed our views about the security of existing hash functions. Unfortunately, although it is easy for us to verify the correctness of the collisions published by Wang et, the sufficient conditions for collisions are not clear. In this paper, we present our methodology for constructing the sufficient conditions of collision tables by using Haval-128 Pass 3 as an example. We propose a backward analysis method of compression functions for constructing the sufficient condition table and the differential characteristic table. We also expose the weaknesses of Haval-128 which may be applied to other hash functions.