**Connected: An Internet Encyclopedia**

*6.4.8. DES cipher-block chained checksum alternative (desmac-k)*

**Up:**
Connected: An Internet Encyclopedia

**Up:**
Requests For Comments

**Up:**
RFC 1510

**Up:**
6. Encryption and Checksum Specifications

**Up:**
6.4. Checksums

**Prev:** 6.4.7. RSA MD4 Cryptographic Checksum Using DES alternative

**Next:** 7. Naming Constraints

### 6.4.8. DES cipher-block chained checksum alternative (desmac-k)

6.4.8. DES cipher-block chained checksum alternative (desmac-k)
The DES-MAC-K checksum is computed by performing a DES CBC-mode
encryption of the plaintext, and using the last block of the
ciphertext as the checksum value. It is keyed with an encryption key
and an initialization vector; any uses which do not specify an
additional initialization vector will use the key as both key and
initialization vector. The resulting checksum is 64 bits (8 octets)
long. This checksum is tamper-proof and collision-proof. Note that
this checksum type is the old method for encoding the DESMAC checksum
and it is no longer recommended.

The DES specifications identify some "weak keys"; those keys shall
not be used for generating DES-MAC checksums for use in Kerberos.

**Next:** 7. Naming Constraints

**Connected: An Internet Encyclopedia**

*6.4.8. DES cipher-block chained checksum alternative (desmac-k)*