Md2 is not Secure Without the Checksum Byte

  title={Md2 is not Secure Without the Checksum Byte},
  author={N. Rogier and Pascal Chauvaud},
  journal={Designs, Codes and Cryptography},
In 1989, Ron Rivest introduced the MD2 Message Digest Algorithm which takes as input a message of arbitrary length and produces as output a 128-bit message digest, by appending some redundancy to the message and then iteratively applying a 32 bytes to 16 bytes compression function. MD2 Message Digest Algorithm is one of the most frequently used hashing function with MD4, MD5, SHA, SHA-1. Some attacks against MD4 and MD5 have been presented by Dobbertin. Up to now, no attack against MD2 has been… 

Preimage and Collision Attacks on MD2

This paper contains several attacks on the hash function MD2 which has a hash code size of 128 bits, which lead to the first known (pseudo) collisions for the full MD2 (including the checksum), but where the initial values differ.

The MD2 Hash Function Is Not One-Way

  • F. Muller
  • Computer Science, Mathematics
  • 2004
It is shown that MD2 does not reach the ideal security level of 2128, and the full MD2 hash can be attacked in preimage with complexity of 2104.

On hash functions using checksums

We analyse the security of iterated hash functions that compute an input dependent checksum which is processed as part of the hash computation. We show that a large class of such schemes, including

Hash functions

  • B. Preneel
  • Computer Science, Mathematics
    Encyclopedia of Cryptography and Security
  • 2005
This chapter considers Hash functions, which are used in many parts of cryptography, and there are many different types of hash functions, with differing security properties.

Cryptanalysis of MD2

The state-of-the-art cryptanalytic results on MD2 are contained, in particular collision and preimage attacks on the full hash function, the latter having complexity 273, which should be compared to a brute-force attack of complexity 2128.

Neutrality-Based Symmetric Cryptanalysis

This thesis concerns cryptanalysis of stream ciphers and hash functions, and introduces the concept of probabilistic neutrality for the arguments of a function, a generalization of the definition of neutrality.

Cryptographic Primitives for Information Authentication - State of the Art

  • B. Preneel
  • Computer Science, Mathematics
    State of the Art in Applied Cryptography
  • 1997
The state of the art for cryptographic primitives that are used for protecting the authenticity of information are described: cryptographic hash functions and digital signature schemes; the first class can be divided into Manipulation Detection Codes (MDCs) and Message Authentication Codes (or MACs).

Towards Designing Greener Secured Hash Functions

  • Priyanka D. HarishSwapnoneel Roy
  • Computer Science
    2014 IEEE International Conference on Internet of Things(iThings), and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom)
  • 2014
This work measures power consumption by a common anti-virus software to perform various functions, and shows how to reduce the energy consumption in MD2 by performing the block processing operations of MD2 in parallel.

Innocipher: A Novel Innocent-Cipher-Based Cryptography Paradigm—High Level of Security for Fooling the Enemy

  • A. Desoky
  • Computer Science, Mathematics
    Inf. Secur. J. A Glob. Perspect.
  • 2013
The presented implementation and validation of Innocipher demonstrates the robust capabilities of achieving the goal of securing information in static stage and during data transmission to its legitimate recipient.

Practical Computer Security through Cryptography

A survey of contemporary security software demonstrates that tools based on cryptographic techniques, such as Kerberos, ssh, and PGP, are readily available and effectively close many of the most serious security holes.


A Design Principle for Hash Functions

Apart from suggesting a generally sound design principle for hash functions, the results give a unified view of several apparently unrelated constructions of hash functions proposed earlier, and suggests changes to other proposed constructions to make a proof of security potentially easier.