The MD2 hash function is not one-way

被引:0
作者
Muller, F [1 ]
机构
[1] DCSSI Crypto Lab 51, F-75700 Paris 07, SP, France
来源
ADVANCES IN CRYPTOLOGY - ASIACRYPT 2004, PROCEEDINGS | 2004年 / 3329卷
关键词
D O I
暂无
中图分类号
TP31 [计算机软件];
学科分类号
081202 ; 0835 ;
摘要
MD2 is an early hash function developed by Ron Rivest for RSA Security, that produces message digests of 128 bits. In this paper, 128 we show that MD2 does not reach the ideal security level of 2(128). We describe preimage attacks against the underlying compression function, the best of which has complexity of 2(73). As a result, the full MD2 hash 104 can be attacked in preimage with complexity of 2(104).
引用
收藏
页码:214 / 229
页数:16
相关论文
共 19 条
  • [1] BALENSON D, 1993, 1423 RFC
  • [2] Chabaud F, 1998, LECT NOTES COMPUT SC, V1462, P56, DOI 10.1007/BFb0055720
  • [3] Dobbertin H, 1998, LECT NOTES COMPUT SC, V1372, P284
  • [4] Dobbertin H., 1996, CRYPTOBYTES, V2, P1
  • [5] Dobbertin Hans, 1996, LECT NOTES COMPUTER, V1039, P53
  • [6] JOUX A, IN PRESS ADV CRYPTOL
  • [7] KALISKI BS, 1992, 1319 RFC RSA LAB
  • [8] Menezes AJ., 1997, HDB APPL CRYPTOGRAPH
  • [9] Preneel Bart, 1993, THESIS KATHOLIEKE U
  • [10] RIVEST R, 1992, 1321 RFC RSA LAB
12