Editing MD2 (hash function) (section)

{{Short description|Obsolete cryptographic hash function}}
{{use dmy dates|date=April 2021}}
{{Infobox cryptographic hash function
| name           = MD2
| image          = 
| caption        = 
<!-- General -->
| designers      = [[Ronald Rivest]]
| publish date   = August 1989<ref name="RFC 1115">{{cite IETF |ref= {{harvid|RFC 1115}}
|last= Linn |first= John |rfc= 1115 |date= August 1989 |title= Privacy Enhancement for Internet Electronic Mail: Part III — Algorithms, Modes, and Identifiers |section= 4.2 |sectionname= RSA-MD2 Message Digest Algorithm |others= Rivest, Ron |publisher= [[Internet Engineering Task Force|IETF]] |access-date= 26 April 2021 }}</ref>
| series         = MD2, [[MD4]], [[MD5]], [[MD6]]
| derived from   = 
| derived to     = 
| related to     = 
| certification  = 
<!-- Detail -->
| digest size    = 128 bits
| structure      = 
| rounds         = 18
| cryptanalysis  = 
}}

The '''MD2 Message-Digest Algorithm''' is a [[cryptographic hash function]] developed by [[Ronald Rivest]] in 1989.<ref name="RSA PKCS #7" /> The algorithm is optimized for [[8-bit]] computers. MD2 is specified in  [[Request for Comments|IETF RFC]] 1319.<ref name="RFC 1319" /> The "MD" in MD2 stands for "Message Digest".

Even though MD2 is not yet fully compromised, the IETF retired MD2 to "historic" status in 2011, citing "signs of weakness". It is deprecated in favor of [[SHA-2|SHA-256]] and other strong hashing algorithms.<ref>{{IETF RFC|6149}}, MD2 to Historic Status</ref>

Nevertheless, {{As of|2014|lc=on}}, it remained in use in [[public key infrastructure]]s as part of [[certificate (cryptography)|certificate]]s generated with MD2 and [[RSA (algorithm)|RSA]].{{cn|reason=Which PKI(s)? The CA Browser Forum Baseline Requirements (WebPKI) do not allow it.|date=September 2024}}