Difference between revisions of "MD2"
From The ECRYPT Hash Function Website
(→Preimage Attacks) |
|||
| Line 30: | Line 30: | ||
=== Preimage Attacks === | === Preimage Attacks === | ||
| + | <bibtex> | ||
| + | @inproceedings{asiacryptMuller04, | ||
| + | author = {Fr{\'e}d{\'e}ric Muller}, | ||
| + | title = {The MD2 Hash Function Is Not One-Way}, | ||
| + | pages = {214-229}, | ||
| + | url = {http://springerlink.metapress.com/openurl.asp?genre=article{\&}issn=0302-9743{\&}volume=3329{\&}spage=214}, | ||
| + | editor = {Pil Joong Lee}, | ||
| + | booktitle = {ASIACRYPT}, | ||
| + | publisher = {Springer}, | ||
| + | series = {LNCS}, | ||
| + | volume = {3329}, | ||
| + | year = {2004}, | ||
| + | isbn = {3-540-23975-8}, | ||
| + | abstract = {MD2 is an early hash function developed by Ron Rivest for RSA Security, that produces message digests of 128 bits. In this paper, we show that MD2 does not reach the ideal security level of $2^128$. We describe preimage attacks against the underlying compression function, the best of which has complexity of $2^73$. As a result, the full MD2 hash can be attacked in preimage with complexity of $2^104$.}, | ||
| + | } | ||
| + | </bibtex> | ||
---- | ---- | ||
Revision as of 18:17, 10 March 2008
Contents
1 Specification
2 Cryptanalysis
2.1 Best Known Results
2.2 Generic Attacks
2.3 Collision Attacks
2.4 Second Preimage Attacks
2.5 Preimage Attacks
Fr\'ed\'eric Muller - The MD2 Hash Function Is Not One-Way
- ASIACRYPT 3329:214-229,2004
- http://springerlink.metapress.com/openurl.asp?genre=article{\&}issn=0302-9743{\&}volume=3329{\&}spage=214
BibtexAuthor : Fr\'ed\'eric Muller
Title : The MD2 Hash Function Is Not One-Way
In : ASIACRYPT -
Address :
Date : 2004
2.6 Others
N. Rogier, Pascal Chauvaud - MD2 Is not Secure without the Checksum Byte
