MD2 (hash function): Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 19:18, 30 January 2024 edit MrsGusted (talk \| contribs) 40 edits m Move reference around ← Previous edit		Latest revision as of 04:19, 31 December 2024 edit undo PEPSI697 (talk \| contribs) Extended confirmed users, Pending changes reviewers, Rollbackers 25,541 edits m Reverted edit by 117.254.186.112 (talk) to last version by Noncombatantorg Tags: Rollback Mobile edit Mobile web edit Advanced mobile edit
(9 intermediate revisions by 7 users not shown)
Line 7: <!-- General --> \| designers = [[Ronald Rivest]] \| publish date = August 1989<ref name="RFC 1115" />{{cite IETF \|ref= {{harvid\|RFC 1115}} \|last= Linn \|first= John \|rfc= 1115 \|date= August 1989 \|title= Privacy Enhancement for Internet Electronic Mail: Part III — Algorithms, Modes, and Identifiers \|section= 4.2 \|sectionname= RSA-MD2 Message Digest Algorithm \|others= Rivest, Ron \|publisher= [[Internet Engineering Task Force\|IETF]] \|access-date= 26 April 2021 }}</ref>▼ \| series = MD2, [[MD4]], [[MD5]], [[MD6]] \| derived from = Line 24 ⟶ 25: Even though MD2 is not yet fully compromised, the IETF retired MD2 to "historic" status in 2011, citing "signs of weakness". It is deprecated in favor of [[SHA-2\|SHA-256]] and other strong hashing algorithms.<ref>{{IETF RFC\|6149}}, MD2 to Historic Status</ref> Nevertheless, {{As of\|2014\|lc=on}}, it remained in use in [[public key infrastructure]]s as part of [[certificate (cryptography)\|certificate]]s generated with MD2 and [[RSA (algorithm)\|RSA]].{{cn\|reason=Which PKI(s)? The CA Browser Forum Baseline Requirements (WebPKI) do not allow it.\|date=September 2024}} ==Description== Line 66 ⟶ 67: ==Security== Rogier and Chauvaud ~~(1997)~~presented ~~described~~in 1995<ref name="Rogier Chauvaud 1995" /> collisions of MD2's [[One-way compression function\|compression function]], although they were unable to extend the attack to the full MD2. The described collisions was published in 1997.<ref name="Rogier Chauvaud 1997" /> In 2004, MD2 was shown to be vulnerable to a [[preimage attack]] with [[time complexity]] equivalent to 2<sup>104</sup> applications of the compression function.<ref name="Muller 2004" /> The author concludes, "MD2 can no longer be considered a secure one-way hash function". Line 88 ⟶ 89: <ref name="RFC 1319">{{cite IETF \|last= Kaliski \|first= Burt \|author-link1= Burt Kaliski \|rfc= 1319 \|date= April 1992 \|title= The MD2 Message-Digest Algorithm \|page= 3 \|publisher= [[Internet Engineering Task Force\|IETF]] \|access-date= 22 November 2014 }}</ref> <ref name="Knudsen et al 2009">{{Cite journal \|last1= Knudsen \|first1= Lars R. \|last2= Mathiassen \|first2= John Erik \|last3= Muller \|first3= Frédéric \|last4= Thomsen \|first4= Søren S. \|date= 2009 \|title=Cryptanalysis of MD2 \|journal= Journal of Cryptology \|volume= 23 \|pages= 72–90 \|s2cid= 2443076 \|doi= 10.1007/s00145-009-9054-1 \|doi-access= free }}</ref> ~~<ref name="RFC 1115">{{cite IETF \|ref= {{harvid\|RFC 1115}}~~ ▲\|last= Linn \|first= John \|rfc= 1115 \|date= August 1989 \|title= Privacy Enhancement for Internet Electronic Mail: Part III — Algorithms, Modes, and Identifiers \|section= 4.2 \|sectionname= RSA-MD2 Message Digest Algorithm \|others= Rivest, Ron \|publisher= [[Internet Engineering Task Force\|IETF]] \|access-date= 26 April 2021 }}</ref> <ref name="Muller 2004">{{cite conference \|last= Muller \|first= Frédéric \|date= 2004 \|title= The MD2 Hash Function is Not One-Way \|conference= ASIACRYPT 2004 \|pages= 214–229 \|doi= 10.1007/978-3-540-30539-2_16 \|url= https://www.iacr.org/conferences/asiacrypt2004/data/Asiacrypt2004/05%20Hash%20Functions/03_Frederic%20Muller.pdf \|access-date= 26 April 2021 \|via= [[International Association for Cryptologic Research]] \|doi-access= free }}</ref> <ref name="RSA PKCS #7">{{cite web \|author= RSA Laboratories \|title= What are MD2, MD4, and MD5? \|publisher= RSA Laboratories \|work= Public-Key Cryptography Standards (PKCS): PKCS #7: Cryptographic Message Syntax Standard \|url=http://www.emc.com/emc-plus/rsa-labs/standards-initiatives/md2-md4-and-md5.htm \|archive-url= https://web.archive.org/web/20170116172936/http://www.emc.com/emc-plus/rsa-labs/standards-initiatives/md2-md4-and-md5.htm \|archive-date= 16 January 2017 }}</ref> <ref name="Thomsen 2008">{{cite journal \|last= Thomsen \|first= Søren S. \|date= 2008 \|title= An Improved Preimage Attack on MD2 \|url= http://eprint.iacr.org/2008/089.pdf }}</ref> <ref name="Rogier Chauvaud 1997">{{cite journal \| last=Rogier \| first=N. \| last2=Chauvaud \| first2=Pascal \| title=MD2 is not Secure without the Checksum Byte \| journal=Designs, Codes and Cryptography \| volume=12 \| issue=3 \| date=1997 \| doi=10.1023/A:1008220711840 \| s2cid=21613457 \| pages=245–251}}</ref> <ref name="Rogier Chauvaud 1995">{{cite conference \|last1= Rogier \|first1= N. \|last2= Chauvaud \|first2= Pascal \|date= 18–19 May 1995 \|title= The Compression Function of MD2 is not Collision Free \|conference= Selected Areas in Cryptography (SAC) 1995, Ottawa, Canada \|type= workshop record }}</ref>▼ }} ==Further reading== {{refbegin}} {{cite conference \|last1= Knudsen \|first= Lars R. \|author-link1= Lars R. Knudsen \|last2= Mathiassen \|first2= John Erik \|date= 21–23 February 2005 \|title= Preimage and Collision Attacks on MD2 \|conference= Fast Software Encryption (FSE) 2005 \|url= https://www.iacr.org/cryptodb/archive/2005/FSE/3106/3106.pdf \|access-date= 26 April 2021 }} ▲* {{cite conference \|last1= Rogier \|first1= N. \|last2= Chauvaud \|first2= Pascal \|date= 18–19 May 1995 \|title= The Compression Function of MD2 is not Collision Free \|conference= Selected Areas in Cryptography (SAC) 1995, Ottawa, Canada \|type= workshop record }} {{refend}}