1MAKEKEY(8) System Manager's Manual MAKEKEY(8)
2
3
4
6 makekey - generate encryption key
7
9 /usr/sbin/makekey
10
12 Makekey improves the usefulness of encryption schemes depending on a
13 key by increasing the amount of time required to search the key space.
14 It reads 10 bytes from its standard input, and writes 13 bytes on its
15 standard output. The output depends on the input in a way intended to
16 be difficult to compute (that is, to require a substantial fraction of
17 a second).
18
19 The first eight input bytes (the input key) can be arbitrary ASCII
20 characters. The last two (the salt) are best chosen from the set of
21 digits, upper- and lower-case letters, and `.' and `/'. The salt char‐
22 acters are repeated as the first two characters of the output. The
23 remaining 11 output characters are chosen from the same set as the salt
24 and constitute the output key.
25
26 The transformation performed is essentially the following: the salt is
27 used to select one of 4096 cryptographic machines all based on the
28 National Bureau of Standards DES algorithm, but modified in 4096 dif‐
29 ferent ways. Using the input key as key, a constant string is fed into
30 the machine and recirculated a number of times. The 64 bits that come
31 out are distributed into the 66 useful key bits in the result.
32
33 Makekey is intended for programs that perform encryption (for instance,
34 ed and crypt(1)). Usually makekey's input and output will be pipes.
35
37 crypt(1), ed(1)
38
39
40
417th Edition October 23, 1996 MAKEKEY(8)