makekey(1) makekey(1)
NAME
makekey - generate encryption key
SYNOPSIS
/usr/lib/makekey
DESCRIPTION
makekey improves the usefulness of encryption schemes
depending on a key by increasing the amount of time required
to search the key space. It reads 10 bytes from its
standard input, and writes 13 bytes on its standard output.
The output depends on the input in a way intended to be
difficult to compute (i.e., to require a substantial
fraction of a second).
The first eight input bytes (the input key) can be arbitrary
ASCII characters. The last two (the salt) are best chosen
from the set of digits, ., /, and upper- and lower-case
letters. The salt characters are repeated as the first two
characters of the output. The remaining 11 output
characters are chosen from the same set as the salt and
constitute the output key.
The transformation performed is essentially the following:
the salt is used to select one of 4,096 cryptographic
machines all based on the National Bureau of Standards DES
algorithm, but broken in 4,096 different ways. Using the
input key as key, a constant string is fed into the machine
and recirculated a number of times. The 64 bits that come
out are distributed into the 66 output key bits in the
result.
makekey is intended for programs that perform encryption
(e.g., ed(1) and crypt(1)). (The encryption scheme provided
by them is not secure.) Usually, makekey's input and output
will be pipes.
EXAMPLE
/usr/lib/makekey
abcdefgh23
23xq5GyrhLTCA
The first line invokes makekey, the second line is the input
to makekey, and the third is the new key generated by
makekey.
FILES
/usr/lib/makekey
SEE ALSO
crypt(1), ed(1), passwd(4).
Page 1 (last mod. 1/16/87)
makekey(1) makekey(1)
NOTE
Not included in international distributions.
Page 2 (last mod. 1/16/87)