Portal de Periódicos da CAPES

The MD2 Hash Function Is Not One-Way

2004; Springer Science+Business Media; Linguagem: Inglês

10.1007/978-3-540-30539-2_16

1611-3349

Frédéric Muller,

Coding theory and cryptography

MD2 is an early hash function developed by Ron Rivest for RSA Security, that produces message digests of 128 bits. In this paper, we show that MD2 does not reach the ideal security level of 2128. We describe preimage attacks against the underlying compression function, the best of which has complexity of 273. As a result, the full MD2 hash can be attacked in preimage with complexity of 2104.