diff options
author | Stefan Kangas <stefan@marxist.se> | 2020-10-28 02:37:18 +0100 |
---|---|---|
committer | Stefan Kangas <stefan@marxist.se> | 2020-10-28 02:45:17 +0100 |
commit | 01d67bc8450a4c9f94667efd8698feb454a81d6e (patch) | |
tree | 2b7ce9f11ac9876a2dee083574ef803b1252c5cc /lisp/md4.el | |
parent | 2efff5e61caae07b827840dd80eef61ed5ef40f9 (diff) | |
download | emacs-01d67bc8450a4c9f94667efd8698feb454a81d6e.tar.gz |
Warn against using the MD4 hash function
* lisp/md4.el (md4): Warn against using it, since its security is
non-existent and it has been declared obsolete. It should probably
only be used by our NTLM support. Point users to secure-hash instead.
Diffstat (limited to 'lisp/md4.el')
-rw-r--r-- | lisp/md4.el | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/lisp/md4.el b/lisp/md4.el index 029a125b8ae..11c91307afc 100644 --- a/lisp/md4.el +++ b/lisp/md4.el @@ -22,6 +22,16 @@ ;; You should have received a copy of the GNU General Public License ;; along with GNU Emacs. If not, see <https://www.gnu.org/licenses/>. +;;; Commentary: + +;; The MD4 Message-Digest Algorithm. +;; +;; The security of the MD4 hashing algorithm is very poor to +;; non-existent. It was declared obsolete by RFC 6150 in 2011: +;; https://tools.ietf.org/html/rfc6150 +;; +;; You probably want to use `secure-hash' instead. + ;;; Code: ;;; @@ -33,7 +43,12 @@ (defun md4 (in n) "Return the MD4 hash for a string IN of length N bytes. The returned hash is 16 bytes long. N is required to handle -strings containing the character 0." +strings containing the character 0. + +The security of the MD4 hashing algorithm is very poor to +non-existent. It was declared obsolete by RFC 6150 in 2011. + +You probably want to use `secure-hash' instead." (let (m (b (cons 0 (* n 8))) (i 0) |