makekey(1) makekey(1)
NAME
makekey - generate encryption key
SYNOPSIS
/usr/lib/makekey
DESCRIPTION
makekey improves the usefulness of encryption schemes
depending on a key by increasing the amount of time required
to search the key space. It attempts to read eight bytes for
its key (the first eight input bytes), then it attempts to
read two bytes for its salt (the last two input bytes). The
output depends on the input in a way intended to be difficult
to compute (that is, to require a substantial fraction of a
second).
The first eight input bytes (the input key) can be arbitrary
ASCII characters. The last two (the salt) are best chosen
from the set of digits, ., /, and upper- and lower-case
letters. The salt characters are repeated as the first two
characters of the output. The remaining 11 output characters
are chosen from the same set as the salt and constitute the
output key.
The transformation performed is essentially the following: the
salt is used to select one of 4,096 cryptographic machines all
based on the National Bureau of Standards DES algorithm, but
broken in 4,096 different ways. Using the input key as key, a
constant string is fed into the machine and recirculated a
number of times. The 64 bits that come out are distributed
into the 66 output key bits in the result.
makekey is intended for programs that perform encryption.
Usually, its input and output will be pipes.
REFERENCES
crypt(1), ed(1), passwd(4), vi(1)
NOTICES
makekey can produce different results depending upon whether
the input is typed at the terminal or redirected from a file.
This command is provided with the Encryption Utilities, which
is only available in the United States.
Copyright 1994 Novell, Inc. Page 1