Preimage and Collision Attacks on MD2

نویسندگان

  • Lars R. Knudsen
  • John Erik Mathiassen
چکیده

This paper contains several attacks on the hash function MD2 which has a hash code size of 128 bits. At Asiacrypt 2004 Muller presents the first known preimage attack on MD2. The time complexity of the attack is about 2 and the preimages consist always of 128 blocks. We present a preimage attack of complexity about 2 with the further advantage that the preimages are of variable lengths. Moreover we are always able to find many preimages for one given hash value. Also we introduce many new collisions for the MD2 compression function, which lead to the first known (pseudo) collisions for the full MD2 (including the checksum), but where the initial values differ. Finally we present a pseudo preimage attack of complexity 2 but where the preimages can have any desired lengths.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

The MD2 Hash Function Is Not One-Way

MD2 is an early hash function developed by Ron Rivest for RSA Security, that produces message digests of 128 bits. In this paper, we show that MD2 does not reach the ideal security level of 2. We describe preimage attacks against the underlying compression function, the best of which has complexity of 2. As a result, the full MD2 hash can be attacked in preimage with complexity of 2.

متن کامل

Breaking the Even-Mansour Hash Function: Collision and Preimage Attacks on JH and Grøstl

The Even-Mansour structure and the chopMD mode are two widely-used strategies in hash function designs. They are adopted by many hash functions including two SHA-3 finalists, the JH hash function and the Grøstl hash function. The Even-Mansour structure combining the chopMD mode is supposed to enhance the security of hash functions against collision and preimage attacks, while our results show t...

متن کامل

An improved preimage attack on MD2

This paper describes an improved preimage attack on the cryptographic hash function MD2. The attack has complexity equivalent to about 2 evaluations of the MD2 compression function. This is to be compared with the previous best known preimage attack, which has complexity about 2.

متن کامل

Converting Meet-In-The-Middle Preimage Attack into Pseudo Collision Attack: Application to SHA-2

In this paper, we present a new technique to construct a collision attack from a particular preimage attack which is called a partial target preimage attack. Since most of the recent meet-in-the-middle preimage attacks can be regarded as the partial target preimage attack, a collision attack is derived from the meet-in-the-middle preimage attack. By using our technique, pseudo collisions of the...

متن کامل

PKI Layer Cake: New Collision Attacks against the Global X.509 Infrastructure

Research unveiled in December of 2008 [15] showed how MD5’s long-known flaws could be actively exploited to attack the real-world Certification Authority infrastructure. In this paper, we demonstrate two new classes of collision, which will be somewhat trickier to address than previous attacks against X.509: the applicability of MD2 preimage attacks against the primary root certificate for Veri...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2005