MD2 (cryptography)

MD2 (cryptography)

Infobox cryptographic hash function
name = MD2


caption =
designers = Ronald Rivest
publish date = April 1992
series = MD, MD2, MD3, MD4, MD5
derived from =
derived to =
related to =
certification =
digest size = 128 bits
structure =
rounds = 18
cryptanalysis =

Message Digest Algorithm 2 (MD2) is a cryptographic hash function developed by Ronald Rivest in 1989. The algorithm is optimized for 8-bit computers. MD2 is specified in RFC 1319. Although other algorithms have been proposed since, such as MD4, MD5 and SHA, even as of 2004 MD2 remains in use in public key infrastructures as part of certificates generated with MD2 and RSA.

Description

The 128-bit hash value of any message is formed by padding it to a multiple of the block length on the computer (128 bits or 16 bytes) and adding a 16-byte checksum to it. For the actual calculation, a 48-byte auxiliary block and a 256-byte S-table generated indirectly from the digits of the fractional part of pi are used. The algorithm runs through a loop where it permutes each byte in the auxiliary block 18 times for every 16 input bytes processed. Once all of the blocks of the (lengthened) message have been processed, the first partial block of the auxiliary block becomes the hash value of the message.

The S-table's values, in hex are:

0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, 0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13, 0x62, 0xA7, 0x05, 0xF3, 0xC0, 0xC7, 0x73, 0x8C, 0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C, 0x82, 0xCA, 0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16, 0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12, 0xBE, 0x4E, 0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49, 0xA0, 0xFB, 0xF5, 0x8E, 0xBB, 0x2F, 0xEE, 0x7A, 0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2, 0x07, 0x3F, 0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21, 0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27, 0x35, 0x3E, 0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03, 0xFF, 0x19, 0x30, 0xB3, 0x48, 0xA5, 0xB5, 0xD1, 0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56, 0xAA, 0xC6, 0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6, 0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1, 0x45, 0x9D, 0x70, 0x59, 0x64, 0x71, 0x87, 0x20, 0x86, 0x5B, 0xCF, 0x65, 0xE6, 0x2D, 0xA8, 0x02, 0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0, 0xB9, 0xF6, 0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F, 0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A, 0xC3, 0x5C, 0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26, 0x2C, 0x53, 0x0D, 0x6E, 0x85, 0x28, 0x84, 0x09, 0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81, 0x4D, 0x52, 0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA, 0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A, 0x78, 0x88, 0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D, 0xE9, 0xCB, 0xD5, 0xFE, 0x3B, 0x00, 0x1D, 0x39, 0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58, 0xD0, 0xE4, 0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A, 0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A, 0xDB, 0x99, 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14

MD2 hashes

The 128-bit (16-byte) MD2 hashes (also termed "message digests") are typically represented as 32-digit hexadecimal numbers. The following demonstrates a 43-byte ASCII input and the corresponding MD2 hash:

MD2("The quick brown fox jumps over the lazy dog") = 03d85a0d629d2c442e987525319fc471

Even a small change in the message will (with overwhelming probability) result in a completely different hash, e.g. changing d to c:

MD2("The quick brown fox jumps over the lazy cog") = 6b890c9292668cdbbfda00a4ebf31f05The hash of the zero-length string is:

MD2("") = 8350e5a3e24c153df2275c9f80692773

ecurity

Rogier and Chauvaud (1997) described collisions of MD2's compression function, although they were unable to extend the attack to the full MD2.

In 2004, MD2 was shown to be vulnerable to a preimage attack with time complexity equivalent to 2104 applications of the compression function (Muller, 2004). The author concludes, "MD2 can no longer be considered a secure one-way hash function".

References

* John Linn, RFC 1115 - Privacy Enhancement for Internet Electronic Mail: Part III -- Algorithms, Modes, and Identifiers, Section 4.2, August 1989, Source by Ron L. Rivest October, 1988.
* Burt Kaliski, RFC 1319 - MD2 Message Digest Algorithm, April 1992.
* N. Rogier, Pascal Chauvaud, The compression function of MD2 is not collision free, "Selected Areas in Cryptography - SAC'95 Ottawa", Canada, May 18-19, 1995 (workshop record).
* N. Rogier, Pascal Chauvaud, MD2 is not Secure without the Checksum Byte, "Designs, Codes and Cryptography", 12(3), pp245–251, 1997.
* Frédéric Muller, The MD2 Hash Function is Not One-Way, ASIACRYPT 2004, pp214–229.
* Lars R. Knudsen and John Erik Mathiassen, Preimage and Collision Attacks on MD2. FSE 2005.

External links

* [http://www.paulschou.com/tools/xlate/ Online Char (ASCII), HEX, Binary, Base64, etc... Encoder/Decoder with MD2, MD4, MD5, SHA1+2, etc. hashing algorithms]
* [http://hashkiller.com/password/ Online MD2 calculation and other hashes]


Wikimedia Foundation. 2010.

Игры ⚽ Нужно сделать НИР?

Look at other dictionaries:

  • MD2 — can refer to: MD2 (cryptography) MD 2 (immunology) Maryland s 2nd congressional district Maryland Route 2 MD2 (file format) IMBEL MD2 Rifle This disambiguation page lists articles associated with the same title formed as a letter number… …   Wikipedia

  • MD2 — Криптографическая хеш функция Название MD2 Создан 1989 г. Опубликован апрель 1992 г. Размер хеша 128 бит Число раундов 18 Тип хеш функция MD2 (The MD2 Message Diges …   Википедия

  • Salt (cryptography) — In cryptography, a salt consists of random bits, creating one of the inputs to a one way function. The other input is usually a password or passphrase. The output of the one way function can be stored rather than the password, and still be used… …   Wikipedia

  • Tiger (cryptography) — Tiger General Designers Ross Anderson and Eli Biham First published 1996 Detail Digest sizes 192, 128, 160 Rounds 24 In cryptography, Tiger is a …   Wikipedia

  • Panama (cryptography) — Panama General Designers Joan Daemen, Craig Clapp First published February 2002 Derived from StepRightUp Successors MUGI Cipher detail …   Wikipedia

  • MD4 — General Designers Ronald Rivest First published October 1990[1] Series MD2, MD4, MD5, MD6 Detail Dige …   Wikipedia

  • Comparison of cryptographic hash functions — The following tables compare general and technical information for a number of cryptographic hash functions.[1] Contents 1 General information 1.1 Notes 2 Compression function …   Wikipedia

  • MD6 — General Designers Ronald Rivest, Benjamin Agre, Dan Bailey, Sarah Cheng, Christopher Crutchfield, Yevgeniy Dodis, Kermin Fleming, Asif Khan, Jayant Krishnamurthy, Yuncheng Lin, Leo Reyzin, Emily Shen, Jim Sukha, Eran Tromer, Yiqun Lisa Yin First… …   Wikipedia

  • Cryptographic hash function — A cryptographic hash function (specifically, SHA 1) at work. Note that even small changes in the source input (here in the word over ) drastically change the resulting output, by the so called avalanche effect. A cryptographic hash function is a… …   Wikipedia

  • MD5 — General Designers Ronald Rivest First published April 1992 Series MD2, MD4, MD5, MD6 Detail Digest sizes 128 bits …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”