NAME
makekey — generate encryption key
DESCRIPTION
makekey
improves the usefulness of encryption schemes depending on a key
by increasing the amount of time required to search the key space.
It reads 10 bytes from its standard input
and writes 13 bytes on its standard output.
The output depends on the input in a way intended
to be difficult to compute (i.e., to require a substantial
fraction of a second).
The first eight input bytes
(the
input key)
can be arbitrary
ASCII
characters.
The last two (the
salt)
are best chosen from the set of digits,
.,
/,
and uppercase and lowercase letters.
The salt characters are repeated as the first two characters of the output.
The remaining 11 output characters are chosen from the same set as the salt
and constitute the
output key.
The transformation performed is essentially the following:
the salt is used to select one of 4,096 cryptographic
machines all based on the National Bureau of Standards
DES
algorithm, but broken in 4,096 different ways.
Using the
input key
as key, a constant string is fed into the machine
and recirculated a number of times.
The 64 bits that come out are distributed into the 66
output key
bits in the result.
makekey
is intended for programs that perform encryption
(e.g.,
ed(1)
and
crypt(1)).
Usually, its input and output will be pipes.
Printable version
