6.4.6. DES cipherblock chained checksum (desmac)
Connected: An Internet Encyclopedia
6.4.6. DES cipherblock chained checksum (desmac)
Up:
Connected: An Internet Encyclopedia
Up:
Requests For Comments
Up:
RFC 1510
Up:
6. Encryption and Checksum Specifications
Up:
6.4. Checksums
Prev: 6.4.5. RSA MD5 Cryptographic Checksum Using DES (rsamd5des)
Next: 6.4.7. RSA MD4 Cryptographic Checksum Using DES alternative
6.4.6. DES cipherblock chained checksum (desmac)
6.4.6. DES cipherblock chained checksum (desmac)
The DESMAC checksum is computed by prepending an 8 octet confounder
to the plaintext, performing a DES CBCmode encryption on the result
using the key and an initialization vector of zero, taking the last
block of the ciphertext, prepending the same confounder and
encrypting the pair using DES in cipherblockchaining (CBC) mode
using a a variant of the key, where the variant is computed by
eXclusiveORing the key with the constant F0F0F0F0F0F0F0F0. The
initialization vector should be zero. The resulting checksum is 128
bits (16 octets) long, 64 bits of which are redundant. This checksum
is tamperproof and collisionproof.
The format for the checksum is described in the following diagram:
++++++++
 descbc(confounder
++++++++
+++++++++
desmac(conf+msg,iv=0,key),key=var(key),iv=0) 
+++++++++
The format cannot be described in ASN.1, but for those who prefer an
ASN.1like notation:
desmacchecksum ::= ENCRYPTED UNTAGGED SEQUENCE {
confounder[0] UNTAGGED OCTET STRING(8),
check[1] UNTAGGED OCTET STRING(8)
}
The DES specifications identify some "weak" and "semiweak" keys;
those keys shall not be used for generating DESMAC checksums for use
in Kerberos, nor shall a key be used whose veriant is "weak" or
"semiweak".
Next: 6.4.7. RSA MD4 Cryptographic Checksum Using DES alternative
Connected: An Internet Encyclopedia
6.4.6. DES cipherblock chained checksum (desmac)
