Difference between revisions of "MD2"
From The ECRYPT Hash Function Website
(→Others) |
|||
Line 34: | Line 34: | ||
=== Others === | === Others === | ||
+ | |||
+ | <bibtex> | ||
+ | @article{dccRogierC97, | ||
+ | author = {N. Rogier and Pascal Chauvaud}, | ||
+ | title = {{MD2 Is not Secure without the Checksum Byte}}, | ||
+ | journal = {Des. Codes Cryptography}, | ||
+ | volume = {12}, | ||
+ | number = {3}, | ||
+ | year = {1997}, | ||
+ | pages = {245-251}, | ||
+ | url = {http://dx.doi.org/10.1023/A:1008220711840}, | ||
+ | abstract = {In 1989, Ron Rivest introduced the MD2 Message Digest Algorithm which takes as input a message of arbitrary length and produces as output a 128-bit message digest, by appending some redundancy to the message and then iteratively applying a 32 bytes to 16 bytes compression function. MD2 Message Digest Algorithm is one of the most frequently used hashing function with MD4, MD5, SHA, SHA-1. Some attacks against MD4 and MD5 have been presented by Dobbertin. Up to now, no attack against MD2 has been presented. This function has been updated in 1993 in the RFC 1423 document. It was conjectured that the number of operations needed to get two messages having the same message digest is on the order of 2^64 (using the birthday paradox), and that the complexity of inverting the hash function is on the order of 2^128 operations. No attack against this function has been published so far. In this paper, we propose a low complexity method to find collisions for the compression function of MD2. The easiness to find these collisions could imply that the first conjecture is false if these collisions can be used to make global collisions for MD2.}, | ||
+ | } | ||
+ | </bibtex> |
Revision as of 18:06, 10 March 2008
Contents
1 Specification
2 Cryptanalysis
2.1 Best Known Results
2.2 Generic Attacks
2.3 Collision Attacks
2.4 Second Preimage Attacks
2.5 Preimage Attacks
2.6 Others
N. Rogier, Pascal Chauvaud - {MD2 Is not Secure without the Checksum Byte}