Difference between revisions of "MD2"

From The ECRYPT Hash Function Website
(Preimage Attacks)
Line 30: Line 30:
 
=== Preimage Attacks ===
 
=== Preimage Attacks ===
  
 +
<bibtex>
 +
@inproceedings{asiacryptMuller04,
 +
  author    = {Fr{\'e}d{\'e}ric Muller},
 +
  title    = {The MD2 Hash Function Is Not One-Way},
 +
  pages    = {214-229},
 +
  url        = {http://springerlink.metapress.com/openurl.asp?genre=article{\&}issn=0302-9743{\&}volume=3329{\&}spage=214},
 +
  editor    = {Pil Joong Lee},
 +
  booktitle = {ASIACRYPT},
 +
  publisher = {Springer},
 +
  series    = {LNCS},
 +
  volume    = {3329},
 +
  year      = {2004},
 +
  isbn      = {3-540-23975-8},
 +
  abstract  = {MD2 is an early hash function developed by Ron Rivest for RSA Security, that produces message digests of 128 bits. In this paper, we show that MD2 does not reach the ideal security level of $2^128$. We describe preimage attacks against the underlying compression function, the best of which has complexity of $2^73$. As a result, the full MD2 hash can be attacked in preimage with complexity of $2^104$.},
 +
}
 +
</bibtex>
  
 
----
 
----

Revision as of 18:17, 10 March 2008