makekey - generate encryption key
The makekey command improves the usefulness of encryption
schemes depending on a key by increasing the amount of
time required to search the key space. It reads 10 bytes
from its standard input, and writes 13 bytes on its standard
output. The output depends on the input in a way
intended to be difficult to compute (that is, to require a
substantial fraction of a second).
The first eight input bytes (the "input key") can be arbitrary
ASCII characters. The last two (the salt) are best
chosen from the set of digits, uppercase and lowercase
letters, the period (.), and the slash (/). The salt characters
are repeated as the first two characters of the
output. The remaining 11 output characters are chosen from
the same set as the salt and constitute the "output key".
The transformation performed is essentially the following:
the salt is used to select one of 4096 cryptographic
machines all based on the National Bureau of Standards DES
algorithm, but modified in 4096 different ways. Using the
input key as key, a constant string is fed into the
machine and recirculated a number of times. The 64 bits
that come out are distributed into the 66 useful key bits
in the result.
The makekey command is intended for programs that perform
encryption (for instance, ed. Usually input and output for
makekey are pipes.
Commands: crypt(1), ed(1), ex(1), vi(1)
[ Back ]