MD2

From Wikipedia, the free encyclopedia

Message Digest Algorithm 2 (MD2) is a cryptographic hash function developed by Ronald Rivest in 1989. The algorithm is optimized for 8-bit computers. MD2 is specified in RFC 1319. Although other algorithms have been proposed since, such as MD4, MD5 and SHA, even as of 2004 MD2 remains in use in public key infrastructures as part of certificates generated with MD2 and RSA.

1 Description
2 MD2 hashes
3 Security
4 References
5 External links

[edit] Description

The 128-bit hash value of any message is formed by padding it to a multiple of the block length on the computer (128 bits or 16 bytes) and adding a 16-byte checksum to it. For the actual calculation, a 48-byte auxiliary block and a 256-byte table generated indirectly from the digits of the fractional part of pi are used. Once all of the blocks of the (lengthened) message have been processed, the first partial block of the auxiliary block becomes the hash value of the message.

[edit] MD2 hashes

The 128-bit (16-byte) MD2 hashes (also termed message digests) are typically represented as 32-digit hexadecimal numbers. The following demonstrates a 43-byte ASCII input and the corresponding MD2 hash:

 MD2("The quick brown fox jumps over the lazy dog")
  = 03d85a0d629d2c442e987525319fc471

Even a small change in the message will (with probability) result in a completely different hash, e.g. changing d to c:

 MD2("The quick brown fox jumps over the lazy cog")
  = 6b890c9292668cdbbfda00a4ebf31f05

The hash of the zero-length string is:

 MD2("") = 8350e5a3e24c153df2275c9f80692773

[edit] Security

Rogier and Chauvaud (1997) described collisions of MD2's compression function, although they were unable to extend the attack to the full MD2.

In 2004, MD2 was shown to be vulnerable to a preimage attack with time complexity equivalent to 2¹⁰⁴ applications of the compression function (Muller, 2004). The author concludes, "MD2 can no longer be considered a secure one-way hash function".

[edit] References

Burt Kaliski, MD2 Message Digest Algorithm, April 1992.
Frédéric Muller, The MD2 Hash Function is Not One-Way, ASIACRYPT 2004, pp214–229.
N. Rogier and Pascal Chauvaud, MD2 is not Secure without the Checksum Byte, Designs, Codes and Cryptography, 12(3), pp245–251, 1997.
Lars R. Knudsen and John Erik Mathiassen, Preimage and Collision Attacks on MD2. FSE 2005.

[edit] External links

Serversniff.net Online-Tool to compute MD2-Hashes out of strings
Online Char (ASCII), HEX, Binary, Base64, etc... Encoder/Decoder with MD2, MD4, MD5, SHA1+2, etc. hashing algorithms

This cryptography-related article is a stub. You can help Wikipedia by expanding it.

edit Cryptographic hash functions and Message authentication codes (MACs)
Hash algorithms: Gost-Hash \| HAS-160 \| HAVAL \| MDC-2 \| MD2 \| MD4 \| MD5 \| N-Hash \| RIPEMD \| SHA family \| Snefru \| Tiger \| VEST \| WHIRLPOOL \| crypt(3) DES
MAC algorithms: Data Authentication Code \| CBC-MAC \| HMAC \| OMAC/CMAC \| PMAC \| UMAC \| Poly1305-AES \| VEST
Authenticated encryption modes: CCM \| EAX \| GCM \| OCB \| VEST Attacks: Birthday attack \| Collision attack \| Preimage attack \| Brute force attack
Standardization: CRYPTREC \| NESSIE Misc: Avalanche effect \| Hash collision \| Hash functions based on block ciphers
edit Cryptography
History of cryptography \| Cryptanalysis \| Cryptography portal \| Topics in cryptography
Symmetric-key algorithm \| Block cipher \| Stream cipher \| Public-key cryptography \| Cryptographic hash function \| Message authentication code \| Random numbers