[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
master 01d67bc: Warn against using the MD4 hash function
|
From: |
Stefan Kangas |
|
Subject: |
master 01d67bc: Warn against using the MD4 hash function |
|
Date: |
Tue, 27 Oct 2020 21:45:25 -0400 (EDT) |
branch: master
commit 01d67bc8450a4c9f94667efd8698feb454a81d6e
Author: Stefan Kangas <stefan@marxist.se>
Commit: Stefan Kangas <stefan@marxist.se>
Warn against using the MD4 hash function
* lisp/md4.el (md4): Warn against using it, since its security is
non-existent and it has been declared obsolete. It should probably
only be used by our NTLM support. Point users to secure-hash instead.
---
lisp/md4.el | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/lisp/md4.el b/lisp/md4.el
index 029a125..11c9130 100644
--- a/lisp/md4.el
+++ b/lisp/md4.el
@@ -22,6 +22,16 @@
;; You should have received a copy of the GNU General Public License
;; along with GNU Emacs. If not, see <https://www.gnu.org/licenses/>.
+;;; Commentary:
+
+;; The MD4 Message-Digest Algorithm.
+;;
+;; The security of the MD4 hashing algorithm is very poor to
+;; non-existent. It was declared obsolete by RFC 6150 in 2011:
+;; https://tools.ietf.org/html/rfc6150
+;;
+;; You probably want to use `secure-hash' instead.
+
;;; Code:
;;;
@@ -33,7 +43,12 @@
(defun md4 (in n)
"Return the MD4 hash for a string IN of length N bytes.
The returned hash is 16 bytes long. N is required to handle
-strings containing the character 0."
+strings containing the character 0.
+
+The security of the MD4 hashing algorithm is very poor to
+non-existent. It was declared obsolete by RFC 6150 in 2011.
+
+You probably want to use `secure-hash' instead."
(let (m
(b (cons 0 (* n 8)))
(i 0)
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- master 01d67bc: Warn against using the MD4 hash function,
Stefan Kangas <=