makekey(1)

makekey -- generate encryption key

Synopsis

/usr/lib/makekey

Description

makekey improves the usefulness of encryption schemes depending on a key by increasing the amount of time required to search the key space. It attempts to read eight bytes for its ``key'' (the first eight input bytes), then it attempts to read two bytes for its ``salt'' (the last two input bytes). The output depends on the input in a way intended to be difficult to compute (that is, to require a substantial fraction of a second).

The first eight input bytes (the ``input key'') can be arbitrary ASCII characters. The last two (the ``salt'') are best chosen from the set of digits, ``.'', ``/'', and upper and lower-case letters. The salt characters are repeated as the first two characters of the output. The remaining 11 output characters are chosen from the same set as the salt and constitute the ``output key''.

The transformation performed is essentially the following: the salt is used to select one of 4,096 cryptographic machines all based on the National Bureau of Standards DES algorithm, but broken in 4,096 different ways. Using the ``input key'' as key, a constant string is fed into the machine and recirculated a number of times. The 64 bits that come out are distributed into the 66 ``output key'' bits in the result.

makekey is intended for programs that perform encryption. Usually, its input and output will be pipes.

References

crypt(1), ed(1), passwd(4), vi(1)

Notices

makekey can produce different results depending upon whether the input is typed at the terminal or redirected from a file.

This command is provided with the Encryption Utilities, which is only available in the United States.