Md2 is not Secure Without the Checksum Byte
Purchase on Springer.com
$39.95 / €34.95 / £29.95*
Rent the article at a discountRent now
* Final gross prices may vary according to local VAT.
In 1989, Ron Rivest introduced the MD2 Message Digest Algorithm which takes as input a message of arbitrary length and produces as output a 128-bit message digest, by appending some redundancy to the message and then iteratively applying a 32 bytes to 16 bytes compression function. MD2 Message Digest Algorithm is one of the most frequently used hashing function with MD4, MD5, SHA, SHA-1. Some attacks against MD4 and MD5 have been presented by Dobbertin. Up to now, no attack against MD2 has been presented.
This function has been updated in 1993 in the RFC 1423 document. It was conjectured that the number of operations needed to get two messages having the same message digest is on the order of 264 (using the birthday paradox), and that the complexity of inverting the hash function is on the order of 2128 operations. No attack against this function has been published so far. In this paper, we propose a low complexity method to find collisions for the compression function of MD2. The easiness to find these collisions could imply that the first conjecture is false if these collisions can be used to make global collisions for MD2.
- B. Kaliski, The message digest algorithm MD2, RFC1115, RSA Laboratories, (1992).
- I. B. Damgård, A design principle for hash functions, Advances in Cryptology: CRYPTO '89, Lecture Notes in Computer Science, 435 (1990) pp. 416–427.
- B. Preneel, Analysis and design of cryptographic hash functions, Katholieke Universiteit Leuven, Thesis (1993).
- Md2 is not Secure Without the Checksum Byte
Designs, Codes and Cryptography
Volume 12, Issue 3 , pp 245-251
- Cover Date
- Print ISSN
- Online ISSN
- Kluwer Academic Publishers
- Additional Links
- hashing function
- Industry Sectors