MAKEKEY(1) User Commands MAKEKEY(1)
NAME
makekey - generate encryption key
SYNOPSIS
/usr/lib/makekeyDESCRIPTION
makekey improves the usefulness of encryption schemes that depend on
a key by increasing the amount of time required to search the key
space. It attempts to read 8 bytes for its
key (the first eight input
bytes), then it attempts to read 2 bytes for its
salt (the last two
input bytes). The output depends on the input in a way intended to be
difficult to compute (that is, to require a substantial fraction of a
second).
The first eight input bytes (the
input key) can be arbitrary
ASCII characters. The last two (the
salt) are best chosen from the set of
digits,
.,
/, upper- and lower-case letters. The salt characters are
repeated as the first two characters of the output. The remaining 11
output characters are chosen from the same set as the
salt and
constitute the
output key.
The transformation performed is essentially the following: the
salt is used to select one of 4,096 cryptographic machines all based on
the National Bureau of Standards
DES algorithm, but broken in 4,096
different ways. Using the
input key as key, a constant string is fed
into the machine and recirculated a number of times. The 64 bits that
come out are distributed into the 66
output key bits in the result.
makekey is intended for programs that perform encryption. Usually,
its input and output will be pipes.
SEE ALSO
ed(1),
vi(1),
passwd(5)NOTES
makekey can produce different results depending upon whether the
input is typed at the terminal or redirected from a file.
March 3, 2008 MAKEKEY(1)
