MD4 to Historic Status
RFC 6150
Document | Type |
RFC - Informational
(March 2011; Errata)
Obsoletes RFC 1320
Was draft-turner-md4-to-historic (individual in gen area)
|
|
---|---|---|---|
Authors | Lily Chen , Sean Turner | ||
Last updated | 2020-01-21 | ||
Stream | IETF | ||
Formats | plain text html pdf htmlized with errata bibtex | ||
Reviews | |||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 6150 (Informational) | |
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | Robert Sparks | ||
Send notices to | (None) |
Internet Engineering Task Force (IETF) S. Turner Request for Comments: 6150 IECA Obsoletes: 1320 L. Chen Category: Informational NIST ISSN: 2070-1721 March 2011 MD4 to Historic Status Abstract This document retires RFC 1320, which documents the MD4 algorithm, and discusses the reasons for doing so. This document moves RFC 1320 to Historic status. Status of This Memo This document is not an Internet Standards Track specification; it is published for informational purposes. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6150. Copyright Notice Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Turner & Chen Informational [Page 1] RFC 6150 MD2 to Historic Status March 2011 1. Introduction MD4 [MD4] is a message digest algorithm that takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. This document retires [MD4]. Specifically, this document moves RFC 1320 [MD4] to Historic status. The reasons for taking this action are discussed. [HASH-Attack] summarizes the use of hashes in many protocols and discusses how attacks against a message digest algorithm's one-way and collision-free properties affect and do not affect Internet protocols. Familiarity with [HASH-Attack] is assumed. 2. Rationale MD4 was published in 1992 as an Informational RFC. Since its publication, MD4 has been under attack [denBORBOS1992] [DOBB1995] [DOBB1996] [GLRW2010] [WLDCY2005] [LUER2008]. In fact, RSA, in 1996, suggested that MD4 should not be used [RSA-AdviceOnMD4]. Microsoft also made similar statements [MS-AdviceOnMD4]. In Section 6, this document discusses attacks against MD4 that indicate use of MD4 is no longer appropriate when collision resistance is required. Section 6 also discusses attacks against MD4's pre-image and second pre-image resistance. Additionally, attacks against MD4 used in message authentication with a shared secret (i.e., HMAC-MD4) are discussed. 3. Documents that Reference RFC 1320 Use of MD4 has been specified in the following RFCs: Internet Standard (IS): o [RFC2289] A One-Time Password System. Draft Standard (DS): o [RFC1629] Guidelines for OSI NSAP Allocation in the Internet. Proposed Standard (PS): o [RFC3961] Encryption and Checksum Specifications for Kerberos 5. Best Current Practice (BCP): o [RFC4086] Randomness Requirements for Security. Turner & Chen Informational [Page 2] RFC 6150 MD2 to Historic Status March 2011 Informational: o [RFC1760] The S/KEY One-Time Password System. o [RFC1983] Internet Users' Glossary. o [RFC2433] Microsoft PPP CHAP Extensions. o [RFC2759] Microsoft PPP CHAP Extensions, Version 2. o [RFC3174] US Secure Hash Algorithm 1 (SHA1). o [RFC4757] The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows. o [RFC5126] CMS Advanced Electronic Signatures (CAdES). There are other RFCs that refer to MD2, but they have been either moved to Historic status or obsoleted by a later RFC. References and discussions about these RFCs are omitted. The notable exceptions are: o [RFC2313] PKCS #1: RSA Encryption Version 1.5. o [RFC2437] PKCS #1: RSA Cryptography Specifications Version 2.0. o [RFC3447] Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1. 4. Impact of Moving MD4 to HistoricShow full document text