Difference between revisions of "MD2"

From The ECRYPT Hash Function Website
(Collision Attacks)
(Specification)
 
(2 intermediate revisions by one other user not shown)
Line 1: Line 1:
 
== Specification ==
 
== Specification ==
  
 +
 +
* digest size: 128 bits
 
<!--  
 
<!--  
* digest size: 160 bits
 
 
* max. message length: < 2<sup>64</sup> bits
 
* max. message length: < 2<sup>64</sup> bits
* compression function: 512-bit message block, 160-bit chaining variable
 
* Specification:
 
 
-->
 
-->
 +
* compression function: 128-bit message block, 7296-bit internal state
 +
* Specification: [http://www.ietf.org/rfc/rfc1319.txt RFC1319]
  
 
== Cryptanalysis ==
 
== Cryptanalysis ==
Line 16: Line 17:
  
 
=== Generic Attacks ===
 
=== Generic Attacks ===
* [[GenericAttacksMerkleDamgaard| Generic Attacks on the Merkle-Damgaard Construction ]]
+
* MD2 is not a design follwing the Merkle-Damgaard construction principle. [[GenericAttacksHash| Generic Attacks on Hash Functions]]
  
 
----
 
----

Latest revision as of 09:53, 12 March 2008

1 Specification

  • digest size: 128 bits
  • compression function: 128-bit message block, 7296-bit internal state
  • Specification: RFC1319

2 Cryptanalysis

2.1 Best Known Results


2.2 Generic Attacks


2.3 Collision Attacks

Lars R. Knudsen, John Erik Mathiassen - Preimage and Collision Attacks on MD2

FSE 3557:255-267,2005
http://dx.doi.org/10.1007/11502760_17
Bibtex
Author : Lars R. Knudsen, John Erik Mathiassen
Title : Preimage and Collision Attacks on MD2
In : FSE -
Address :
Date : 2005

2.4 Second Preimage Attacks


2.5 Preimage Attacks

Fr\'ed\'eric Muller - The MD2 Hash Function Is Not One-Way

ASIACRYPT 3329:214-229,2004
http://springerlink.metapress.com/openurl.asp?genre=article{\&}issn=0302-9743{\&}volume=3329{\&}spage=214
Bibtex
Author : Fr\'ed\'eric Muller
Title : The MD2 Hash Function Is Not One-Way
In : ASIACRYPT -
Address :
Date : 2004

2.6 Others

N. Rogier, Pascal Chauvaud - MD2 Is not Secure without the Checksum Byte

Des. Codes Cryptography 12(3):245-251,1997
http://dx.doi.org/10.1023/A:1008220711840
Bibtex
Author : N. Rogier, Pascal Chauvaud
Title : MD2 Is not Secure without the Checksum Byte
In : Des. Codes Cryptography -
Address :
Date : 1997