6.4.5. RSA MD5 Cryptographic Checksum Using DES (rsa-md5des)
Connected: An Internet Encyclopedia
6.4.5. RSA MD5 Cryptographic Checksum Using DES (rsa-md5des)
Up:
Connected: An Internet Encyclopedia
Up:
Requests For Comments
Up:
RFC 1510
Up:
6. Encryption and Checksum Specifications
Up:
6.4. Checksums
Prev: 6.4.4. The RSA MD5 Checksum (rsa-md5)
Next: 6.4.6. DES cipher-block chained checksum (des-mac)
6.4.5. RSA MD5 Cryptographic Checksum Using DES (rsa-md5des)
6.4.5. RSA MD5 Cryptographic Checksum Using DES (rsa-md5des)
The RSA-MD5-DES checksum calculates a keyed collisionproof checksum
by prepending an 8 octet confounder before the text, applying the RSA
MD5 checksum algorithm, and encrypting the confounder and the
checksum using DES in cipher-block-chaining (CBC) mode using a
variant of the key, where the variant is computed by eXclusive-ORing
the key with the constant F0F0F0F0F0F0F0F0. The initialization
vector should be zero. The resulting checksum is 24 octets long (8
octets of which are redundant). This checksum is tamper-proof and
believed to be collision-proof.
The DES specifications identify some "weak keys"; those keys shall
not be used for encrypting RSA-MD5 checksums for use in Kerberos.
The format for the checksum is described in the following diagram:
+--+--+--+--+--+--+--+--
| des-cbc(confounder
+--+--+--+--+--+--+--+--
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
rsa-md5(confounder+msg),key=var(key),iv=0) |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
The format cannot be described in ASN.1, but for those who prefer an
ASN.1-like notation:
rsa-md5-des-checksum ::= ENCRYPTED UNTAGGED SEQUENCE {
confounder[0] UNTAGGED OCTET STRING(8),
check[1] UNTAGGED OCTET STRING(16)
}
Next: 6.4.6. DES cipher-block chained checksum (des-mac)
Connected: An Internet Encyclopedia
6.4.5. RSA MD5 Cryptographic Checksum Using DES (rsa-md5des)
| 
