man(1) Manual page archive


     MAKEKEY(8)                                             MAKEKEY(8)

     NAME
          makekey - generate encryption key

     SYNOPSIS
          /usr/lib/makekey

     DESCRIPTION
          Makekey improves the usefulness of encryption schemes
          depending on a key by increasing the amount of time required
          to search the key space.  It reads 10 bytes from its stan-
          dard input, and writes 13 bytes on its standard output.  The
          output depends on the input in a way intended to be diffi-
          cult to compute (i.e. to require a substantial fraction of a
          second).

          The first eight input bytes (the input key) can be arbitrary
          ASCII characters.  The last two (the salt) are best chosen
          from the set of digits, upper- and lower-case letters, and
          `.' and `/'.  The salt characters are repeated as the first
          two characters of the output.  The remaining 11 output char-
          acters are chosen from the same set as the salt and consti-
          tute the output key.

          The transformation performed is essentially the following:
          the salt is used to select one of 4096 cryptographic
          machines all based on the National Bureau of Standards DES
          algorithm, but modified in 4096 different ways.  Using the
          input key as key, a constant string is fed into the machine
          and recirculated a number of times.  The 64 bits that come
          out are distributed into the 66 useful key bits in the
          result.

          Makekey is intended for programs that perform encryption
          (e.g.  ed and crypt(1)). Usually its input and output will
          be pipes.

     SEE ALSO
          crypt(1), ed(1)