makekey(1) UNIX System V(Encryption Utilities) makekey(1)
NAME
makekey - generate encryption key
SYNOPSIS
/usr/lib/makekey
DESCRIPTION
makekey improves the usefulness of encryption schemes depending on a key
by increasing the amount of time required to search the key space. It
attempts to read 8 bytes for its key (the first eight input bytes), then
it attempts to read 2 bytes for its salt (the last two input bytes). The
output depends on the input in a way intended to be difficult to compute
(that is, to require a substantial fraction of a second).
The first eight input bytes (the input key) can be arbitrary ASCII
characters. The last two (the salt) are best chosen from the set of
digits, ., /, and upper- and lower-case letters. The salt characters are
repeated as the first two characters of the output. The remaining 11
output characters are chosen from the same set as the salt and constitute
the output key.
The transformation performed is essentially the following: the salt is
used to select one of 4,096 cryptographic machines all based on the
National Bureau of Standards DES algorithm, but broken in 4,096 different
ways. Using the input key as key, a constant string is fed into the
machine and recirculated a number of times. The 64 bits that come out
are distributed into the 66 output key bits in the result.
makekey is intended for programs that perform encryption. Usually, its
input and output will be pipes.
SEE ALSO
ed(1), crypt(1), vi(1)
passwd(4) in the System Administrator's Reference Manual
NOTES
makekey can produce different results depending upon whether the input is
typed at the terminal or redirected from a file.
This command is provided with the Encryption Utilities, which is only
available in the United States.
10/89 Page 1