Cryptanalysis of Tweaked Versions of SMASH and Reparation - Inria - Institut national de recherche en sciences et technologies du numérique
Conference paper, Year: 2009

Cryptanalysis of Tweaked Versions of SMASH and Reparation

Abstract

In this paper, we study the security of permutation-based hash functions, i.e. block-cipher-based hash functions with fixed keys. SMASH is such a hash function, presented by Knudsen in 2005 and broken the same year by Rijmen et al. Here we show that the tweaked version, proposed soon after to thwart that attack, can also be attacked for collisions in time $O(2^{n/3})$. This time complexity can be reduced to $O(2^{2\sqrt{n}})$ for the first tweaked version, which yields an attack against SMASH-256 in $c \cdot 2^{32}$ for a small constant $c$. Then, we show that a generalisation of SMASH, using two permutations instead of one, can be proven secure against collisions in the ideal-cipher model up to $\Omega(2^{n/4})$ queries to the permutations. In order to analyze the tightness of the proof, we devise a non-trivial attack in $O(2^{3n/8})$ queries, which is the best security level that can be reached for 2-permutation-based hash functions.
Main file: sac08a.pdf (277.6 KB)
Origin: files produced by the author(s)

Dates and versions

inria-00556682, version 1 (17-01-2011)

Identifiers

Cite

Pierre-Alain Fouque, Jacques Stern, Sebastien Zimmer. Cryptanalysis of Tweaked Versions of SMASH and Reparation. Selected Areas in Cryptography, 15th International Workshop, SAC 2008, 2009, Sackville, New Brunswick, Canada. pp.136-150, ⟨10.1007/978-3-642-04159-4_9⟩. ⟨inria-00556682⟩
108 views
168 downloads
