makekey(1) (Security Administration Utilities) makekey(1)
NAME
makekey - generate encryption key
SYNOPSIS
/usr/lib/makekey
DESCRIPTION
makekey improves the usefulness of encryption schemes depending on a
key by increasing the amount of time required to search the key
space. It attempts to read 8 bytes for its key (the first eight
input bytes), then it attempts to read 2 bytes for its salt (the last
two input bytes). The output depends on the input in a way intended
to be difficult to compute (i.e., to require a substantial fraction
of a second).
The first eight input bytes (the input key) can be arbitrary ASCII
characters. The last two (the salt) are best chosen from the set of
digits, ., /, and upper- and lower-case letters. The salt characters
are repeated as the first two characters of the output. The
remaining 11 output characters are chosen from the same set as the
salt and constitute the output key.
The transformation performed is essentially the following: the salt
is used to select one of 4,096 cryptographic machines all based on
the National Bureau of Standards DES algorithm, but broken in 4,096
different ways. Using the input key as key, a constant string is fed
into the machine and recirculated a number of times. The 64 bits
that come out are distributed into the 66 output key bits in the
result.
makekey is intended for programs that perform encryption. Usually,
its input and output will be pipes.
SEE ALSO
ed(1), crypt(1), vi(1).
passwd(4) in the Programmer's Reference Manual.
NOTES
makekey can produce different results depending upon whether the
input is typed at the terminal or redirected from a file.
This command is provided with the Security Administration Utilities,
which is only available in the United States.
7/91 Page 1