**Connected: An Internet Encyclopedia**

*6.4.3. RSA MD4 Cryptographic Checksum Using DES (rsa-md4des)*

**Up:**
Connected: An Internet Encyclopedia

**Up:**
Requests For Comments

**Up:**
RFC 1510

**Up:**
6. Encryption and Checksum Specifications

**Up:**
6.4. Checksums

**Prev:** 6.4.2. The RSA MD4 Checksum (rsa-md4)

**Next:** 6.4.4. The RSA MD5 Checksum (rsa-md5)

### 6.4.3. RSA MD4 Cryptographic Checksum Using DES (rsa-md4des)

6.4.3. RSA MD4 Cryptographic Checksum Using DES (rsa-md4des)
The RSA-MD4-DES checksum calculates a keyed collisionproof checksum
by prepending an 8 octet confounder before the text, applying the RSA
MD4 checksum algorithm, and encrypting the confounder and the
checksum using DES in cipher-block-chaining (CBC) mode using a
variant of the key, where the variant is computed by eXclusive-ORing
the key with the constant F0F0F0F0F0F0F0F0 (A variant of the key is
used to limit the use of a key to a particular function, separating
the functions of generating a checksum from other encryption
performed using the session key. The constant F0F0F0F0F0F0F0F0 was
chosen because it maintains key parity. The properties of DES
precluded the use of the complement. The same constant is used for
similar purpose in the Message Integrity Check in the Privacy
Enhanced Mail standard.). The initialization vector should be zero.
The resulting checksum is 24 octets long (8 octets of which are
redundant). This checksum is tamper-proof and believed to be
collision-proof.

The DES specifications identify some "weak keys"; those keys shall
not be used for generating RSA-MD4 checksums for use in Kerberos.

The format for the checksum is described in the following diagram:

+--+--+--+--+--+--+--+--
| des-cbc(confounder
+--+--+--+--+--+--+--+--
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
rsa-md4(confounder+msg),key=var(key),iv=0) |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

The format cannot be described in ASN.1, but for those who prefer an
ASN.1-like notation:

rsa-md4-des-checksum ::= ENCRYPTED UNTAGGED SEQUENCE {
confounder[0] UNTAGGED OCTET STRING(8),
check[1] UNTAGGED OCTET STRING(16)
}

**Next:** 6.4.4. The RSA MD5 Checksum (rsa-md5)

**Connected: An Internet Encyclopedia**

*6.4.3. RSA MD4 Cryptographic Checksum Using DES (rsa-md4des)*