NAME
MD4Init
,
MD4Update
, MD4Pad
,
MD4Final
, MD4Transform
,
MD4End
, MD4File
,
MD4FileChunk
, MD4Data
— calculate the RSA Data
Security, Inc., ``MD4'' message digest
SYNOPSIS
#include
<sys/types.h>
#include <md4.h>
void
MD4Init
(MD4_CTX
*context);
void
MD4Update
(MD4_CTX
*context, const u_int8_t
*data, size_t
len);
void
MD4Pad
(MD4_CTX
*context);
void
MD4Final
(u_int8_t
digest[MD4_DIGEST_LENGTH],
MD4_CTX *context);
void
MD4Transform
(u_int32_t
state[4], u_int8_t
block[MD4_BLOCK_LENGTH]);
char *
MD4End
(MD4_CTX
*context, char
*buf);
char *
MD4File
(const
char *filename, char
*buf);
char *
MD4FileChunk
(const
char *filename, char
*buf, off_t offset,
off_t length);
char *
MD4Data
(const
u_int8_t *data, size_t
len, char
*buf);
DESCRIPTION
The MD4 functions calculate a 128-bit cryptographic checksum (digest) for any number of input bytes. A cryptographic checksum is a one-way hash-function, that is, you cannot find (except by exhaustive search) the input corresponding to a particular output. This net result is a “fingerprint” of the input-data, which doesn't disclose the actual input.
MD4 and MD5 have been broken; they should only be used where necessary for backward compatibility. The attacks on both MD4 and MD5 are both in the nature of finding “collisions” - that is, multiple inputs which hash to the same value; it is still unlikely for an attacker to be able to determine the exact original input given a hash value.
The
MD4Init
(),
MD4Update
(),
and MD4Final
() functions are the core functions.
Allocate an MD4_CTX, initialize it with MD4Init
(),
run over the data with MD4Update
(), and finally
extract the result using MD4Final
().
The
MD4Pad
()
function can be used to apply padding to the message digest as in
MD4Final
(),
but the current context can still be used with
MD4Update
().
The
MD4Transform
()
function is used by
MD4Update
()
to hash 512-bit blocks and forms the core of the algorithm. Most programs
should use the interface provided by MD4Init
(),
MD4Update
() and MD4Final
()
instead of calling MD4Transform
() directly.
MD4End
()
is a wrapper for
MD4Final
()
which converts the return value to an MD4_DIGEST_STRING_LENGTH-character
(including the terminating '\0') ASCII string which represents the 128 bits
in hexadecimal.
MD4File
()
calculates the digest of a file, and uses MD4End
()
to return the result. If the file cannot be opened, a null pointer is
returned.
MD4FileChunk
()
behaves like MD4File
() but calculates the digest
only for that portion of the file starting at offset
and continuing for length bytes or until end of file
is reached, whichever comes first. A zero length can
be specified to read until end of file. A negative
length or offset will be
ignored.
MD4Data
()
calculates the digest of a chunk of data in memory, and uses
MD4End
() to return the result.
When using
MD4End
(),
MD4File
(), MD4FileChunk
(),
or MD4Data
(), the buf argument
can be a null pointer, in which case the returned string is allocated with
malloc(3) and subsequently must be explicitly deallocated using
free(3) after use. If the buf argument is
non-null it must point to at least MD4_DIGEST_STRING_LENGTH characters of
buffer space.
SEE ALSO
cksum(1), md5(1), md5(3), rmd160(3), sha1(3), sha2(3)
RSA Laboratories, Frequently Asked Questions About today's Cryptography, http://www.rsa.com/rsalabs/faq/.
H. Dobbertin, Alf Swindles Ann, CryptoBytes, 1(3):5, 1995.
MJ. B. Robshaw, On Recent Results for MD4 and MD5, RSA Laboratories Bulletin, 4, November 12, 1996.
Hans Dobbertin, Cryptanalysis of MD5 Compress.
STANDARDS
R. Rivest, The MD4 Message Digest Algorithm, RFC 1186, October 1990.
R. Rivest, The MD5 Message Digest Algorithm, RFC 1321, April 1992.
HISTORY
These functions appeared in OpenBSD 2.0.
AUTHORS
The original MD4 routines were developed by RSA Data Security, Inc., and published in the above references. This code is derived from a public domain implementation written by Colin Plumb.
The MD4End
(),
MD4File
(), MD4FileChunk
(),
and MD4Data
() helper functions are derived from code
written by Poul-Henning Kamp.
BUGS
Collisions have been found for the full versions of both MD4 and MD5. The use of sha2(3) is recommended instead.