Abstract
MD2 is an early hash function developed by Ron Rivest for RSA Security, that produces message digests of 128 bits. In this paper, we show that MD2 does not reach the ideal security level of 2128. We describe preimage attacks against the underlying compression function, the best of which has complexity of 273. As a result, the full MD2 hash can be attacked in preimage with complexity of 2104.
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
References
Balenson, D.: RFC 1423 - Privacy Enhancement for Internet Electronic Mail: Part III: Algorithms, Modes, and Identifiers. RSA Laboratories (February 1993)
Chabaud, F., Joux, A.: Differential Collisions in SHA-0. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 56–71. Springer, Heidelberg (1998)
Dobbertin, H.: Cryptanalysis of MD4. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 53–69. Springer, Heidelberg (1996)
Dobbertin, H.: The Status of MD5 after a Recent Attack. CryptoBytes 2(2), 1–6 (1996)
Dobbertin, H.: The First Two Rounds of MD4 are Not One-Way. In: Vaudenay, S. (ed.) FSE 1998. LNCS, vol. 1372, pp. 284–292. Springer, Heidelberg (1998)
Joux, A.: Multicollisions in iterated hash functions. Application to cascaded constructions. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 306–316. Springer, Heidelberg (2004) (to appear)
Kaliski, B.: RFC 1319 - The MD2 Message-Digest Algorithm. RSA Laboratories (April 1992)
MD5CRK, a new distributed computing project, See http://www.md5crk.com/
Menezes, A., van Oorschot, P., Vanstone, S.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)
Preneel, B.: Analysis and design of cryptographic hash functions. PhD thesis, Katholieke Universiteit Leuven (1993)
Rivest, R.: The MD4 Message Digest Algorithm. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 303–311. Springer, Heidelberg (1991)
Rivest, R.: RFC 1321 - The MD5 Message-Digest Algorithm. RSA Laboratories (April 1992)
Rogaway, P., Shrimpton, T.: Cryptographic Hash Function Basics: Definitions, Implications, and Separations for Preimage Resistance, Second-Preimage Resistance, and Collision Resistance. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 349–366. Springer, Heidelberg (2004) (Pre-proceedings Version)
Rogier, N., Chauvaud, P.: MD2 Is not Secure without the Checksum Byte. Designs, Codes and Cryptography 12(3), 245–251 (1997); An early version of this paper was presented at the 2nd SAC Workshop in 1995
Van Rompay, B., Biryukov, A., Preneel, B.: Cryptanalysis of 3-Pass HAVAL. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 228–245. Springer, Heidelberg (2003)
RSA Laboratories. PKCS #1 v1.5: RSA Encryption Standard (1993), Available at http://www.rsalabs.com/pkcs/pkcs-1
RSA Laboratories. PKCS #1 v2.1: RSA Encryption Standard (2002), Available at http://www.rsalabs.com/pkcs/pkcs-1
van Oorschot, P., Wiener, M.: Parallel Collision Search with Cryptanalytic Applications. Journal of Cryptology 12(1), 1–28 (1999)
Wagner, D.: A Generalized Birthday Problem. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 288–303. Springer, Heidelberg (2002) (Extended Abstract)
Wiemers, A.: The Full Cost of Cryptanalytic Attacks. Journal of Cryptology 17(2), 105–124 (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Muller, F. (2004). The MD2 Hash Function Is Not One-Way. In: Lee, P.J. (eds) Advances in Cryptology - ASIACRYPT 2004. ASIACRYPT 2004. Lecture Notes in Computer Science, vol 3329. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30539-2_16
Download citation
DOI: https://doi.org/10.1007/978-3-540-30539-2_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-23975-8
Online ISBN: 978-3-540-30539-2
eBook Packages: Springer Book Archive