Difference between revisions of "MD2"
From The ECRYPT Hash Function Website
Crechberger (talk | contribs) |
(→Specification) |
||
| Line 1: | Line 1: | ||
== Specification == | == Specification == | ||
| + | |||
| + | * digest size: 128 bits | ||
<!-- | <!-- | ||
| − | |||
* max. message length: < 2<sup>64</sup> bits | * max. message length: < 2<sup>64</sup> bits | ||
| − | |||
| − | |||
--> | --> | ||
| + | * compression function: 128-bit message block, 7296-bit internal state | ||
| + | * Specification: [http://www.ietf.org/rfc/rfc1319.txt RFC1319] | ||
== Cryptanalysis == | == Cryptanalysis == | ||
Latest revision as of 09:53, 12 March 2008
Contents
1 Specification
- digest size: 128 bits
- compression function: 128-bit message block, 7296-bit internal state
- Specification: RFC1319
2 Cryptanalysis
2.1 Best Known Results
2.2 Generic Attacks
- MD2 is not a design follwing the Merkle-Damgaard construction principle. Generic Attacks on Hash Functions
2.3 Collision Attacks
Lars R. Knudsen, John Erik Mathiassen - Preimage and Collision Attacks on MD2
- FSE 3557:255-267,2005
- http://dx.doi.org/10.1007/11502760_17
BibtexAuthor : Lars R. Knudsen, John Erik Mathiassen
Title : Preimage and Collision Attacks on MD2
In : FSE -
Address :
Date : 2005
2.4 Second Preimage Attacks
2.5 Preimage Attacks
Fr\'ed\'eric Muller - The MD2 Hash Function Is Not One-Way
- ASIACRYPT 3329:214-229,2004
- http://springerlink.metapress.com/openurl.asp?genre=article{\&}issn=0302-9743{\&}volume=3329{\&}spage=214
BibtexAuthor : Fr\'ed\'eric Muller
Title : The MD2 Hash Function Is Not One-Way
In : ASIACRYPT -
Address :
Date : 2004
2.6 Others
N. Rogier, Pascal Chauvaud - MD2 Is not Secure without the Checksum Byte
