Warn against using the MD4 hash function

* lisp/md4.el (md4): Warn against using it, since its security is non-existent and it has been declared obsolete. It should probably only be used by our NTLM support. Point users to secure-hash instead.
2024-11-26 07:33:47 +00:00 · 2020-10-28 02:37:18 +01:00 · 2020-10-28 02:37:18 +01:00 · 01d67bc845
commit 01d67bc845
parent 2efff5e61c
1 changed files with 16 additions and 1 deletions
--- a/lisp/md4.el
+++ b/lisp/md4.el
@ -22,6 +22,16 @@
 ;; You should have received a copy of the GNU General Public License
 ;; along with GNU Emacs.  If not, see <https://www.gnu.org/licenses/>.

+;;; Commentary:
+
+;; The MD4 Message-Digest Algorithm.
+;;
+;; The security of the MD4 hashing algorithm is very poor to
+;; non-existent.  It was declared obsolete by RFC 6150 in 2011:
+;; https://tools.ietf.org/html/rfc6150
+;;
+;; You probably want to use `secure-hash' instead.
+
 ;;; Code:

 ;;;
@ -33,7 +43,12 @@
 (defun md4 (in n)
  "Return the MD4 hash for a string IN of length N bytes.
 The returned hash is 16 bytes long.  N is required to handle
-strings containing the character 0."
+strings containing the character 0.
+
+The security of the MD4 hashing algorithm is very poor to
+non-existent.  It was declared obsolete by RFC 6150 in 2011.
+
+You probably want to use `secure-hash' instead."
  (let (m
 	(b (cons 0 (* n 8)))
 	(i 0)