makekey - generate encryption key
The makekey command improves the usefulness of encryption schemes depending
on a key by increasing the amount of time required to search the key space.
It reads 10 bytes from its standard input, and writes 13 bytes on its stan-
dard output. The output depends on the input in a way intended to be dif-
ficult to compute (that is, to require a substantial fraction of a second).
The first eight input bytes (the "input key") can be arbitrary ASCII char-
acters. The last two (the salt) are best chosen from the set of digits,
uppercase and lowercase letters, the period (.), and the slash (/). The
salt characters are repeated as the first two characters of the output.
The remaining 11 output characters are chosen from the same set as the salt
and constitute the "output key".
The transformation performed is essentially the following: the salt is used
to select one of 4096 cryptographic machines all based on the National
Bureau of Standards DES algorithm, but modified in 4096 different ways.
Using the input key as key, a constant string is fed into the machine and
recirculated a number of times. The 64 bits that come out are distributed
into the 66 useful key bits in the result.
The makekey command is intended for programs that perform encryption (for
instance, ed. Usually input and output for makekey are pipes.
Commands: crypt(1), ed(1), ex(1), vi(1)