NAME
makekey - generate encryption key

SYNOPSIS
/usr/lib/makekey

DESCRIPTION
The international version of the MachTen system contains a
different program which simply adds 3 null characters to the input
and produces an output.

Makekey improves the usefulness of encryption schemes depending on
a key by increasing the amount of time required to search the key
space. It reads 10 bytes from its standard input, and writes 13
bytes on its standard output. The output depends on the input in a
way intended to be difficult to compute (that is, to require a
substantial fraction of a second).

The first eight input bytes (the input key) can be arbitrary ASCII
characters. The last two (the salt) are best chosen from the set
of digits, upper- and lower-case letters, and ‘.’ and ‘/’. The
salt characters are repeated as the first two characters of the
output. The remaining 11 output characters are chosen from the
same set as the salt and constitute the output key.

The transformation performed is essentially the following: the salt
is used to select one of 4096 cryptographic machines all based on
the National Bureau of Standards DES algorithm, but modified in
4096 different ways. Using the input key as key, a constant string
is fed into the machine and recirculated a number of times. The 64
bits that come out are distributed into the 66 useful key bits in
the result.

Makekey is intended for programs that perform encryption (for
instance, ed(1) and crypt(1)). Usually makekey’s input and output
will be pipes.

SEE ALSO
crypt(1), ed(1)