Connected: An Internet Encyclopedia
6.4.8. DES cipher-block chained checksum alternative (desmac-k)

Up: Connected: An Internet Encyclopedia
Up: Requests For Comments
Up: RFC 1510
Up: 6. Encryption and Checksum Specifications
Up: 6.4. Checksums
Prev: 6.4.7. RSA MD4 Cryptographic Checksum Using DES alternative
Next: 7. Naming Constraints

6.4.8. DES cipher-block chained checksum alternative (desmac-k)

6.4.8. DES cipher-block chained checksum alternative (desmac-k)

The DES-MAC-K checksum is computed by performing a DES CBC-mode encryption of the plaintext, and using the last block of the ciphertext as the checksum value. It is keyed with an encryption key and an initialization vector; any uses which do not specify an additional initialization vector will use the key as both key and initialization vector. The resulting checksum is 64 bits (8 octets) long. This checksum is tamper-proof and collision-proof. Note that this checksum type is the old method for encoding the DESMAC checksum and it is no longer recommended.

The DES specifications identify some "weak keys"; those keys shall not be used for generating DES-MAC checksums for use in Kerberos.


Next: 7. Naming Constraints

Connected: An Internet Encyclopedia
6.4.8. DES cipher-block chained checksum alternative (desmac-k)