1

I'm trying to implement MD2 from scratch of RFC 1319. It feels like there is a gap between steps 3.2 & 3.3.

After step 2, the checksum C is appended to the message and never mentioned again. We start 18 rounds of XOR-ing for each block using MD buffer X, which will contain the final result.

But when I look at most MD2 implementations, it looks like the checksum serves as an internal state of the algorithm and being re-calculated during each block processing, e.g. in this Rust implementation.

Is it implied somewhere in the description or pseudocode?

Community
  • 1
Aio
  • 11
  • 1

1 Answers1

3

Yes. RFC 1319 references

"RFC 1115 [3], which also gives a reference implementation of MD2"

and RFC 1115 is obsoleted by RFC 1423, which states

An error has been identified in RFC 1319.  The
   statement in the text of Section 3.2 which reads "Set C[j] to S[c xor
   L]" should read "Set C[j] to S[c xor L] xor C[j]"

In the errata of RFC 1319, this issue is pointed out (errata id 555): https://www.rfc-editor.org/errata/eid555, but for some reason RFC 1319 was not obsoleted by RFC 1423 like RFC 1115 was.

Brad Brown
  • 31
  • 3