makekey(1) makekey(1)NAME makekey - generate encryption key SYNOPSIS /usr/lib/makekey DESCRIPTION makekey improves the usefulness of encryption schemes depending on a key by increasing the amount of time required to search the key space. It reads 10 bytes from its stan- dard input, and writes 13 bytes on its standard output. The output depends on the input in a way intended to be diffi- cult to compute (i.e., to require a substantial fraction of a second). The first eight input bytes (the input key) can be arbitrary ASCII characters. The last two (the salt) are best chosen from the set of digits, ., /, and upper and lowercase letters. The salt characters are repeated as the first two characters of the output. The remaining 11 output charac- ters are chosen from the same set as the salt and constitute the output key. The transformation performed is essentially the following: the salt is used to select one of 4,096 cryptographic machines all based on the National Bureau of Standards DES algorithm, but broken in 4,096 different ways. Using the input key as key, a constant string is fed into the machine and recirculated a number of times. The 64 bits that come out are distributed into the 66 output key bits in the result. makekey is intended for programs that perform encryption (e.g., ed(1) and crypt(1)). (The encryption scheme provided by them is not secure.) Usually, makekey's input and output will be pipes. EXAMPLES /usr/lib/makekey abcdefgh23 23xq5GyrhLTCA The first line invokes makekey, the second line is the input to makekey, and the third is the new key generated by make- key. FILES /usr/lib/makekey April, 1990 1
makekey(1) makekey(1)SEE ALSO crypt(1), ed(1), ex(1), passwd(4). 2 April, 1990