1MD4(3)                   BSD Library Functions Manual                   MD4(3)
2

NAME

4     MD4Init, MD4Update, MD4Pad, MD4Final, MD4Transform, MD4End, MD4File,
5     MD4FileChunk, MD4Data — calculate the RSA Data Security, Inc., “MD4” mes‐
6     sage digest
7

LIBRARY

9     Message Digest (MD4, MD5, etc.) Support Library (libmd, -lmd)
10

SYNOPSIS

12     #include <sys/types.h>
13     #include <md4.h>
14
15     void
16     MD4Init(MD4_CTX *context);
17
18     void
19     MD4Update(MD4_CTX *context, const uint8_t *data, size_t len);
20
21     void
22     MD4Pad(MD4_CTX *context);
23
24     void
25     MD4Final(uint8_t digest[MD4_DIGEST_LENGTH], MD4_CTX *context);
26
27     void
28     MD4Transform(uint32_t state[4], uint8_t block[MD4_BLOCK_LENGTH]);
29
30     char *
31     MD4End(MD4_CTX *context, char *buf);
32
33     char *
34     MD4File(const char *filename, char *buf);
35
36     char *
37     MD4FileChunk(const char *filename, char *buf, off_t offset,
38         off_t length);
39
40     char *
41     MD4Data(const uint8_t *data, size_t len, char *buf);
42

DESCRIPTION

44     The MD4 functions calculate a 128-bit cryptographic checksum (digest) for
45     any number of input bytes.  A cryptographic checksum is a one-way hash-
46     function, that is, you cannot find (except by exhaustive search) the in‐
47     put corresponding to a particular output.  This net result is a
48     “fingerprint” of the input-data, which doesn't disclose the actual input.
49
50     MD2 is the slowest, MD4 is the fastest and MD5 is somewhere in the mid‐
51     dle.  MD2 can only be used for Privacy-Enhanced Mail.  MD4 has been crit‐
52     icized for being too weak, so MD5 was developed in response as ``MD4 with
53     safety-belts''.  MD4 and MD5 have been broken; they should only be used
54     where necessary for backward compatibility.  The attacks on both MD4 and
55     MD5 are both in the nature of finding “collisions” - that is, multiple
56     inputs which hash to the same value; it is still unlikely for an attacker
57     to be able to determine the exact original input given a hash value.
58
59     The MD4Init(), MD4Update(), and MD4Final() functions are the core func‐
60     tions.  Allocate an MD4_CTX, initialize it with MD4Init(), run over the
61     data with MD4Update(), and finally extract the result using MD4Final().
62
63     The MD4Pad() function can be used to apply padding to the message digest
64     as in MD4Final(), but the current context can still be used with
65     MD4Update().
66
67     The MD4Transform() function is used by MD4Update() to hash 512-bit blocks
68     and forms the core of the algorithm.  Most programs should use the inter‐
69     face provided by MD4Init(), MD4Update() and MD4Final() instead of calling
70     MD4Transform() directly.
71
72     MD4End() is a wrapper for MD4Final() which converts the return value to
73     an MD4_DIGEST_STRING_LENGTH-character (including the terminating '\0')
74     ASCII string which represents the 128 bits in hexadecimal.
75
76     MD4File() calculates the digest of a file, and uses MD4End() to return
77     the result.  If the file cannot be opened, a null pointer is returned.
78
79     MD4FileChunk() behaves like MD4File() but calculates the digest only for
80     that portion of the file starting at offset and continuing for length
81     bytes or until end of file is reached, whichever comes first.  A zero
82     length can be specified to read until end of file.  A negative length or
83     offset will be ignored.  MD4Data() calculates the digest of a chunk of
84     data in memory, and uses MD4End() to return the result.
85
86     When using MD4End(), MD4File(), MD4FileChunk(), or MD4Data(), the buf ar‐
87     gument can be a null pointer, in which case the returned string is allo‐
88     cated with malloc(3) and subsequently must be explicitly deallocated us‐
89     ing free(3) after use.  If the buf argument is non-null it must point to
90     at least MD4_DIGEST_STRING_LENGTH characters of buffer space.
91

SEE ALSO

93     md2(3), md4(3), md5(3), rmd160(3), sha1(3), sha2(3)
94
95     B. Kaliski, The MD2 Message-Digest Algorithm, RFC 1319.
96
97     R. Rivest, The MD4 Message-Digest Algorithm, RFC 1186.
98
99     R. Rivest, The MD5 Message-Digest Algorithm, RFC 1321.
100
101     RSA Laboratories, Frequently Asked Questions About today's Cryptography,
102     <http://www.rsa.com/rsalabs/faq/>.
103
104     H. Dobbertin, “Alf Swindles Ann”, CryptoBytes, 1(3):5, 1995.
105
106     MJ. B. Robshaw, “On Recent Results for MD4 and MD5”, RSA Laboratories
107     Bulletin, 4, November 12, 1996.
108
109     Hans Dobbertin, Cryptanalysis of MD5 Compress.
110

HISTORY

112     These functions appeared in OpenBSD 2.0 and NetBSD 1.3.
113

AUTHORS

115     The original MD4 routines were developed by RSA Data Security, Inc., and
116     published in the above references.  This code is derived from a public
117     domain implementation written by Colin Plumb.
118
119     The MD4End(), MD4File(), MD4FileChunk(), and MD4Data() helper functions
120     are derived from code written by Poul-Henning Kamp.
121

BUGS

123     Collisions have been found for the full versions of both MD4 and MD5.
124     The use of sha2(3) is recommended instead.
125
126BSD                              July 13, 2010                             BSD
Impressum