This paper considers the hash function MD2 which was developed by Ron Rivest in 1989. Despite its age, MD2 has withstood cryptanalytic attacks until recently. This paper contains the state-of-the-art cryptanalytic results on MD2, in particular collision and preimage attacks on the full hash function, the latter having complexity 273, which should be compared to a brute-force attack of complexity 2128.
KeywordsCryptographic hash function MD2 Collision attack Preimage attack
Unable to display preview. Download preview PDF.
- A. Joux, Multicollisions in iterated hash functions. Application to cascaded constructions, in Advances in Cryptology—CRYPTO 2004, Proceedings, ed. by M.K. Franklin. Lecture Notes in Computer Science, vol. 3152 (Springer, Berlin, 2004), pp. 306–316 Google Scholar
- B.S. Kaliski Jr., The MD2 Message-Digest Algorithm, April 1992. Network Working Group, Request for Comments: 1319 Google Scholar
- L.R. Knudsen, J.E. Mathiassen, Preimage and collision attacks on MD2, in Fast Software Encryption 2005, Proceedings, eds. by H. Gilbert, H. Handschuh. Lecture Notes in Computer Science, vol. 3557 (Springer, Berlin, 2005), pp. 255–267 Google Scholar
- X. Lai, J.L. Massey, Hash functions based on block ciphers, in Advances in Cryptology—EUROCRYPT ’92, Proceedings, ed. by R.A. Rueppel. Lecture Notes in Computer Science, vol. 658 (Springer, Berlin, 1993), pp. 55–70 Google Scholar
- F. Muller, The MD2 hash function is not one-way, in Advances in Cryptology—ASIACRYPT 2004, Proceedings, ed. by P.J. Lee. Lecture Notes in Computer Science, vol. 3329 (Springer, Berlin, 2004), pp. 214–229 Google Scholar
- National Institute of Standards and Technology. FIPS PUB 180-2, Secure Hash Standard, 1 August 2002 Google Scholar
- B. Preneel, Analysis and design of cryptographic hash functions. PhD thesis, Katholieke Universiteit Leuven, January 1993 Google Scholar
- R.L. Rivest, The MD4 message digest algorithm, in Advances in Cryptology—CRYPTO ’90, Proceedings, eds. by A. Menezes, S.A. Vanstone. Lecture Notes in Computer Science, vol. 537 (Springer, Berlin, 1991), pp. 303–311 Google Scholar
- R.L. Rivest, The MD5 Message-Digest Algorithm, April 1992. Network Working Group, Request For Comments: 1321 Google Scholar
- RSA Laboratories, PKCS #1: RSA Cryptography Standard (Version 2.1, June 14, 2002). Available: http://www.rsa.com/rsalabs/node.asp?id=2125 [2009/1/28]
- Verisign, Inc. Status Responder Certificate. Class 3 Public Primary Certification Authority. Serial number: 70:BA:E4:1D:10:D9:29:34:B6:38:CA:7B:03:CC:BA:BF. Issued 1996/01/29, expires 2028/08/02. http://www.verisign.com/repository/root.html#c3pca [2009/08/17]