Browse Prior Art Database

The MD2 Message-Digest Algorithm (RFC1319)

IP.com Disclosure Number: IPCOM000002140D
Original Publication Date: 1992-Apr-01
Included in the Prior Art Database: 2019-Feb-11
Document File: 17 page(s) / 18K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

B. Kaliski: AUTHOR

Related Documents

10.17487/RFC1319: DOI

Abstract

This document describes the MD2 message-digest algorithm. The algorithm takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. This memo provides information for the Internet community. It does not specify an Internet standard.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 15% of the total text.

Network Working Group B. Kaliski Request for Comments: 1319 RSA Laboratories Updates: RFC 1115 April 1992

The MD2 Message-Digest Algorithm

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard. Distribution of this memo is unlimited.

Acknowlegements

The description of MD2 is based on material prepared by John Linn and Ron Rivest. Their permission to incorporate that material is greatly appreciated.

Table of Contents

1. Executive Summary 1 2. Terminology and Notation 2 3. MD2 Algorithm Description 2 4. Summary 4 References 5 APPENDIX A - Reference Implementation 5 Security Considerations 17 Author’s Address 17

1. Executive Summary

This document describes the MD2 message-digest algorithm. The algorithm takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest. The MD2 algorithm is intended for digital signature applications, where a large file must be "compressed" in a secure manner before being signed with a private (secret) key under a public-key cryptosystem such as RSA.

License to use MD2 is granted for non-commerical Internet Privacy- Enhanced Mail [1-3].

This document is an update to the August 1989 RFC 1115 [3], which also gives a reference implementation of MD2. The main differences

Kaliski [Page 1]

RFC 1319 MD2 Message-Digest Algorithm April 1992

are that a textual description of MD2 is included, and that the reference implementation of MD2 is more portable.

For OSI-based applications, MD2’s object identifier is

md2 OBJECT IDENTIFIER ::= iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 2}

In the X.509 type AlgorithmIdentifier [4], the parameters for MD2 should have type NULL.

2. Terminology and Notation

In this document, a "byte" is an eight-bit quantity.

Let x_i denote "x sub i". If the subscript is an expression, we surround it in braces, as in x_{i+1}. Similarly, we use ^ for superscripts (exponentiation), so that x^i denotes x to the i-th power.

Let X xor Y denote the bit-wise XOR of X and Y.

3. MD2 Algorithm Description

We begin by supposing that we have a b-byte message as input, and that we wish to find its message digest. Here b is an arbitrary nonnegative integer; b may be zero, and it may be arbitrarily large. We imagine the bytes of the message written down as follows:

m_0 m_1 ... m_{b-1}

The following five steps are performed to compute the message digest of the message.

3.1 Step 1. Append Padding Bytes

The message is "padded" (extended) so that its length (in bytes) is congruent to 0, modulo 16. That is, the message is extended so that it is a multiple of 16 bytes long. Padding is always performed, even if the length of the message is already congruent to 0, modulo 16.

Padding is performed as...

Processing...
Loading...