makekey(1) CLIX makekey(1)
NAME
makekey - Generates an encryption key
SYNOPSIS
/usr/lib/makekey
DESCRIPTION
The makekey command improves the usefulness of encryption schemes that
depend on a key by increasing the amount of time required to search the
key space. It reads 10 bytes from stdin and writes 13 bytes on stdout.
The output depends on the input in a way intended to be difficult to
compute (in other words, to require a substantial fraction of a second).
The first eight input bytes (the input key) can be arbitrary ASCII
characters. The last two (the salt) are best chosen from the set of
digits, ., /, and uppercase and lowercase letters. The salt characters
are repeated as the first two characters of the output. The remaining 11
output characters are chosen from the same set as the salt and constitute
the output key.
The transformation performed is essentially the following: the salt is
used to select one of 4,096 cryptographic machines all based on the
National Bureau of Standards DES algorithm, but broken in 4,096 different
ways. Using the input key as key, a constant string is fed into the
machine and recirculated a number of times. The 64 bits that come out are
distributed into the 66 output key bits in the result.
The makekey command is intended for programs that perform encryption.
Usually, its input and output will be pipes.
EXAMPLES
The following entry will return a 13-character encryption code:
echo reversefoo /usr/lib/makekey
CAUTIONS
This command is provided with the Security Administration Utilities, which
is only available in the United States.
EXIT VALUES
The makekey command always exits with a value of 0.
RELATED INFORMATION
2/94 - Intergraph Corporation 1
makekey(1) CLIX makekey(1)
Commands: ed(1), crypt(1), vi(1)
Files: passwd(4)
2 Intergraph Corporation - 2/94