Abstract
In 1989, Ron Rivest introduced the MD2 Message Digest Algorithm which takes as input a message of arbitrary length and produces as output a 128-bit message digest, by appending some redundancy to the message and then iteratively applying a 32 bytes to 16 bytes compression function. MD2 Message Digest Algorithm is one of the most frequently used hashing function with MD4, MD5, SHA, SHA-1. Some attacks against MD4 and MD5 have been presented by Dobbertin. Up to now, no attack against MD2 has been presented.
This function has been updated in 1993 in the RFC 1423 document. It was conjectured that the number of operations needed to get two messages having the same message digest is on the order of 264 (using the birthday paradox), and that the complexity of inverting the hash function is on the order of 2128 operations. No attack against this function has been published so far. In this paper, we propose a low complexity method to find collisions for the compression function of MD2. The easiness to find these collisions could imply that the first conjecture is false if these collisions can be used to make global collisions for MD2.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
B. Kaliski, The message digest algorithm MD2, RFC1115, RSA Laboratories, (1992).
I. B. Damgård, A design principle for hash functions, Advances in Cryptology: CRYPTO '89, Lecture Notes in Computer Science, 435 (1990) pp. 416–427.
B. Preneel, Analysis and design of cryptographic hash functions, Katholieke Universiteit Leuven, Thesis (1993).
Author information
Authors and Affiliations
Rights and permissions
About this article
Cite this article
Rogier, N., Chauvaud, P. Md2 is not Secure Without the Checksum Byte. Designs, Codes and Cryptography 12, 245–251 (1997). https://doi.org/10.1023/A:1008220711840
Issue Date:
DOI: https://doi.org/10.1023/A:1008220711840