6.4.3. RSA MD4 Cryptographic Checksum Using DES (rsamd4des)
Connected: An Internet Encyclopedia
6.4.3. RSA MD4 Cryptographic Checksum Using DES (rsamd4des)
Up:
Connected: An Internet Encyclopedia
Up:
Requests For Comments
Up:
RFC 1510
Up:
6. Encryption and Checksum Specifications
Up:
6.4. Checksums
Prev: 6.4.2. The RSA MD4 Checksum (rsamd4)
Next: 6.4.4. The RSA MD5 Checksum (rsamd5)
6.4.3. RSA MD4 Cryptographic Checksum Using DES (rsamd4des)
6.4.3. RSA MD4 Cryptographic Checksum Using DES (rsamd4des)
The RSAMD4DES checksum calculates a keyed collisionproof checksum
by prepending an 8 octet confounder before the text, applying the RSA
MD4 checksum algorithm, and encrypting the confounder and the
checksum using DES in cipherblockchaining (CBC) mode using a
variant of the key, where the variant is computed by eXclusiveORing
the key with the constant F0F0F0F0F0F0F0F0 (A variant of the key is
used to limit the use of a key to a particular function, separating
the functions of generating a checksum from other encryption
performed using the session key. The constant F0F0F0F0F0F0F0F0 was
chosen because it maintains key parity. The properties of DES
precluded the use of the complement. The same constant is used for
similar purpose in the Message Integrity Check in the Privacy
Enhanced Mail standard.). The initialization vector should be zero.
The resulting checksum is 24 octets long (8 octets of which are
redundant). This checksum is tamperproof and believed to be
collisionproof.
The DES specifications identify some "weak keys"; those keys shall
not be used for generating RSAMD4 checksums for use in Kerberos.
The format for the checksum is described in the following diagram:
++++++++
 descbc(confounder
++++++++
+++++++++++++++++
rsamd4(confounder+msg),key=var(key),iv=0) 
+++++++++++++++++
The format cannot be described in ASN.1, but for those who prefer an
ASN.1like notation:
rsamd4deschecksum ::= ENCRYPTED UNTAGGED SEQUENCE {
confounder[0] UNTAGGED OCTET STRING(8),
check[1] UNTAGGED OCTET STRING(16)
}
Next: 6.4.4. The RSA MD5 Checksum (rsamd5)
Connected: An Internet Encyclopedia
6.4.3. RSA MD4 Cryptographic Checksum Using DES (rsamd4des)
