Provided by: libmd-dev_1.0.0-1_amd64 bug

NAME
     MD2Init, MD2Update, MD2Pad, MD2Final, MD2Transform, MD2End, MD2File, MD2FileChunk, MD2Data — calculate the
     RSA Data Security, Inc., “MD2” message digest


LIBRARY
     Message Digest (MD4, MD5, etc.) Support Library (libmd, -lmd)


SYNOPSIS
     #include <sys/types.h>
     #include <md2.h>

     void
     MD2Init(MD2_CTX *context);

     void
     MD2Update(MD2_CTX *context, const uint8_t *data, size_t len);

     void
     MD2Pad(MD2_CTX *context);

     void
     MD2Final(uint8_t digest[MD2_DIGEST_LENGTH], MD2_CTX *context);

     void
     MD2Transform(uint32_t state[4], uint8_t block[MD2_BLOCK_LENGTH]);

     char *
     MD2End(MD2_CTX *context, char *buf);

     char *
     MD2File(const char *filename, char *buf);

     char *
     MD2FileChunk(const char *filename, char *buf, off_t offset, off_t length);

     char *
     MD2Data(const uint8_t *data, size_t len, char *buf);


DESCRIPTION
     The MD2 functions calculate a 128-bit cryptographic checksum (digest) for any number of input bytes.  A
     cryptographic checksum is a one-way hash-function, that is, you cannot find (except by exhaustive search)
     the input corresponding to a particular output.  This net result is a “fingerprint” of the input-data,
     which doesn't disclose the actual input.

     MD2 is the slowest, MD4 is the fastest and MD5 is somewhere in the middle.  MD2 can only be used for
     Privacy-Enhanced Mail.  MD4 has been criticized for being too weak, so MD5 was developed in response as
     ``MD4 with safety-belts''.  MD4 and MD5 have been broken; they should only be used where necessary for
     backward compatibility.  The attacks on both MD4 and MD5 are both in the nature of finding “collisions” -
     that is, multiple inputs which hash to the same value; it is still unlikely for an attacker to be able to
     determine the exact original input given a hash value.

     The MD2Init(), MD2Update(), and MD2Final() functions are the core functions.  Allocate an MD2_CTX,
     initialize it with MD2Init(), run over the data with MD2Update(), and finally extract the result using
     MD2Final().

     The MD2Pad() function can be used to apply padding to the message digest as in MD2Final(), but the current
     context can still be used with MD2Update().

     The MD2Transform() function is used by MD2Update() to hash 512-bit blocks and forms the core of the
     algorithm.  Most programs should use the interface provided by MD2Init(), MD2Update() and MD2Final()
     instead of calling MD2Transform() directly.

     MD2End() is a wrapper for MD2Final() which converts the return value to an MD2_DIGEST_STRING_LENGTH-
     character (including the terminating '\0') ASCII string which represents the 128 bits in hexadecimal.

     MD2File() calculates the digest of a file, and uses MD2End() to return the result.  If the file cannot be
     opened, a null pointer is returned.

     MD2FileChunk() behaves like MD2File() but calculates the digest only for that portion of the file starting
     at offset and continuing for length bytes or until end of file is reached, whichever comes first.  A zero
     length can be specified to read until end of file.  A negative length or offset will be ignored.  MD2Data()
     calculates the digest of a chunk of data in memory, and uses MD2End() to return the result.

     When using MD2End(), MD2File(), MD2FileChunk(), or MD2Data(), the buf argument can be a null pointer, in
     which case the returned string is allocated with malloc(3) and subsequently must be explicitly deallocated
     using free(3) after use.  If the buf argument is non-null it must point to at least
     MD2_DIGEST_STRING_LENGTH characters of buffer space.


SEE ALSO
     md2(3), md4(3), md5(3), rmd160(3), sha1(3), sha2(3)

     B. Kaliski, The MD2 Message-Digest Algorithm, RFC 1319.

     R. Rivest, The MD4 Message-Digest Algorithm, RFC 1186.

     R. Rivest, The MD5 Message-Digest Algorithm, RFC 1321.

     RSA Laboratories, Frequently Asked Questions About today's Cryptography, <http://www.rsa.com/rsalabs/faq/>.

     H. Dobbertin, “Alf Swindles Ann”, CryptoBytes, 1(3):5, 1995.

     MJ. B. Robshaw, “On Recent Results for MD4 and MD5”, RSA Laboratories Bulletin, 4, November 12, 1996.

     Hans Dobbertin, Cryptanalysis of MD5 Compress.


HISTORY
     These functions appeared in OpenBSD 2.0 and NetBSD 1.3.


AUTHORS
     The original MD2 routines were developed by RSA Data Security, Inc., and published in the above references.
     This code is derived from a public domain implementation written by Colin Plumb.

     The MD2End(), MD2File(), MD2FileChunk(), and MD2Data() helper functions are derived from code written by
     Poul-Henning Kamp.


BUGS
     Collisions have been found for the full versions of both MD4 and MD5.  The use of sha2(3) is recommended
     instead.