Provided by: libmd-dev_1.1.0-2build1_amd64 bug

NAME

     MD4Init, MD4Update, MD4Pad, MD4Final, MD4Transform, MD4End, MD4File, MD4FileChunk, MD4Data —
     calculate the RSA Data Security, Inc., “MD4” message digest

LIBRARY

     Message Digest (MD4, MD5, etc.) Support Library (libmd, -lmd)

SYNOPSIS

     #include <sys/types.h>
     #include <md4.h>

     void
     MD4Init(MD4_CTX *context);

     void
     MD4Update(MD4_CTX *context, const uint8_t *data, size_t len);

     void
     MD4Pad(MD4_CTX *context);

     void
     MD4Final(uint8_t digest[MD4_DIGEST_LENGTH], MD4_CTX *context);

     void
     MD4Transform(uint32_t state[4], uint8_t block[MD4_BLOCK_LENGTH]);

     char *
     MD4End(MD4_CTX *context, char *buf);

     char *
     MD4File(const char *filename, char *buf);

     char *
     MD4FileChunk(const char *filename, char *buf, off_t offset, off_t length);

     char *
     MD4Data(const uint8_t *data, size_t len, char *buf);

DESCRIPTION

     The MD4 functions calculate a 128-bit cryptographic checksum (digest) for any number of
     input bytes.  A cryptographic checksum is a one-way hash-function, that is, you cannot find
     (except by exhaustive search) the input corresponding to a particular output.  This net
     result is a “fingerprint” of the input-data, which doesn't disclose the actual input.

     MD2 is the slowest, MD4 is the fastest and MD5 is somewhere in the middle.  MD2 can only be
     used for Privacy-Enhanced Mail.  MD4 has been criticized for being too weak, so MD5 was
     developed in response as ``MD4 with safety-belts''.  MD4 and MD5 have been broken; they
     should only be used where necessary for backward compatibility.  The attacks on both MD4 and
     MD5 are both in the nature of finding “collisions” - that is, multiple inputs which hash to
     the same value; it is still unlikely for an attacker to be able to determine the exact
     original input given a hash value.

     The MD4Init(), MD4Update(), and MD4Final() functions are the core functions.  Allocate an
     MD4_CTX, initialize it with MD4Init(), run over the data with MD4Update(), and finally
     extract the result using MD4Final().

     The MD4Pad() function can be used to apply padding to the message digest as in MD4Final(),
     but the current context can still be used with MD4Update().

     The MD4Transform() function is used by MD4Update() to hash 512-bit blocks and forms the core
     of the algorithm.  Most programs should use the interface provided by MD4Init(), MD4Update()
     and MD4Final() instead of calling MD4Transform() directly.

     MD4End() is a wrapper for MD4Final() which converts the return value to an
     MD4_DIGEST_STRING_LENGTH-character (including the terminating '\0') ASCII string which
     represents the 128 bits in hexadecimal.

     MD4File() calculates the digest of a file, and uses MD4End() to return the result.  If the
     file cannot be opened, a null pointer is returned.

     MD4FileChunk() behaves like MD4File() but calculates the digest only for that portion of the
     file starting at offset and continuing for length bytes or until end of file is reached,
     whichever comes first.  A zero length can be specified to read until end of file.  A
     negative length or offset will be ignored.  MD4Data() calculates the digest of a chunk of
     data in memory, and uses MD4End() to return the result.

     When using MD4End(), MD4File(), MD4FileChunk(), or MD4Data(), the buf argument can be a null
     pointer, in which case the returned string is allocated with malloc(3) and subsequently must
     be explicitly deallocated using free(3) after use.  If the buf argument is non-null it must
     point to at least MD4_DIGEST_STRING_LENGTH characters of buffer space.

SEE ALSO

     md2(3), md4(3), md5(3), rmd160(3), sha1(3), sha2(3)

     B. Kaliski, The MD2 Message-Digest Algorithm, RFC 1319.

     R. Rivest, The MD4 Message-Digest Algorithm, RFC 1186.

     R. Rivest, The MD5 Message-Digest Algorithm, RFC 1321.

     RSA Laboratories, Frequently Asked Questions About today's Cryptography,
     <http://www.rsa.com/rsalabs/faq/>.

     H. Dobbertin, “Alf Swindles Ann”, CryptoBytes, 1(3):5, 1995.

     MJ. B. Robshaw, “On Recent Results for MD4 and MD5”, RSA Laboratories Bulletin, 4, November
     12, 1996.

     Hans Dobbertin, Cryptanalysis of MD5 Compress.

HISTORY

     These functions appeared in OpenBSD 2.0 and NetBSD 1.3.

AUTHORS

     The original MD4 routines were developed by RSA Data Security, Inc., and published in the
     above references.  This code is derived from a public domain implementation written by Colin
     Plumb.

     The MD4End(), MD4File(), MD4FileChunk(), and MD4Data() helper functions are derived from
     code written by Poul-Henning Kamp.

BUGS

     Collisions have been found for the full versions of both MD4 and MD5.  The use of sha2(3) is
     recommended instead.