MDC-2


In cryptography, MDC-2 is a cryptographic hash function. MDC-2 is a hash function based on a block cipher with a proof of security in the ideal-cipher model. The length of the output hash depends on the underlying block cipher used.

Algorithm

For a given message to hash and a given block cipher encryption function, the MDC-2 algorithm proceeds as follows. Let be the block length, two different constants of size. If where each has size, then the hash of the message is given by:
When MDC-2 uses the DES block cipher, the 128-bit MDC-2 hashes are typically represented as 32-digit hexadecimal numbers. is chosen as the 8-byte string 5252525252525252 and is chosen as the 8-byte string 2525252525252525. Additionally, before each iteration the first byte A of recalculated as ^ 0x20 and the first byte B of is recalculated as ^ 0x20.
The following demonstrates a 43-byte ASCII input and the corresponding MDC-2 hash:
MDC2
= 000ed54e093d61679aefbeae05bfe33a
Even a small change in the message will result in a completely different hash, e.g. changing d to c:
MDC2
= 775f59f8e51aec29c57ac6ab850d58e8
The hash of the zero-length string is:
MDC2
= 52525252525252522525252525252525

Patent issues

MDC-2 was covered by, issued on March 13, 1990 but filed by IBM on August 28, 1987. Because of patent concerns support for MDC-2 has been disabled in OpenSSL on most Linux distributions and is not implemented by many other cryptographic libraries. It is implemented in GPG's libgcrypt.
The patent was due to expire on August 28, 2007, twenty years after the filing date. It actually expired in 2002 because IBM did not pay the renewal fee. The Canadian patent was not renewed and no European patent was granted so MDC-2 can now be freely used.