Commit | Line | Data |
---|---|---|
e6817382 BJ |
1 | .TH MAKEKEY 8 |
2 | .SH NAME | |
3 | makekey \- generate encryption key | |
4 | .SH SYNOPSIS | |
5 | .B /usr/lib/makekey | |
6 | .SH DESCRIPTION | |
7 | .I Makekey | |
8 | improves the usefulness of encryption schemes | |
9 | depending on a key by increasing the amount of time required to | |
10 | search the key space. | |
11 | It reads 10 bytes from its standard input, | |
12 | and writes 13 bytes on its standard output. | |
13 | The output depends on the input in a way intended | |
14 | to be difficult to compute (i.e. to require a substantial | |
15 | fraction of a second). | |
16 | .PP | |
17 | The first eight input bytes | |
18 | (the | |
19 | .IR "input key" ) | |
20 | can be arbitrary ASCII characters. | |
21 | The last | |
22 | two (the | |
23 | .IR salt ) | |
24 | are best chosen from the set of digits, upper- and lower-case | |
25 | letters, and `.' and `/'. | |
26 | The salt characters are repeated as the first two characters of the output. | |
27 | The remaining 11 output characters are chosen from the same set as the salt | |
28 | and constitute the | |
29 | .I "output key." | |
30 | .PP | |
31 | The transformation performed is essentially the following: | |
32 | the salt is used to select one of 4096 cryptographic | |
33 | machines all based on the National Bureau of Standards | |
34 | DES algorithm, but modified in 4096 different ways. | |
35 | Using the input key as key, | |
36 | a constant string is fed into the machine and recirculated | |
37 | a number of times. | |
38 | The 64 bits that come out are distributed into the | |
39 | 66 useful key bits in the result. | |
40 | .PP | |
41 | .I Makekey | |
42 | is intended for programs that perform encryption | |
43 | (e.g. | |
44 | .I ed | |
45 | and | |
46 | .IR crypt (1)). | |
47 | Usually its input and output will be pipes. | |
48 | .SH SEE ALSO | |
49 | crypt(1), ed(1) |