Rev 125 | Only display areas with differences | Ignore whitespace | Details | Blame | Last modification | View Log | RSS feed
Rev 125 | Rev 136 | ||
---|---|---|---|
1 | .\" Hey, EMACS: -*- nroff -*- |
1 | .\" Hey, EMACS: -*- nroff -*- |
2 | .\" First parameter, NAME, should be all caps |
2 | .\" First parameter, NAME, should be all caps |
3 | .\" Second parameter, SECTION, should be 1-8, maybe w/ subsection |
3 | .\" Second parameter, SECTION, should be 1-8, maybe w/ subsection |
4 | .\" other parameters are allowed: see man(7), man(1) |
4 | .\" other parameters are allowed: see man(7), man(1) |
5 | .TH NETTLE\-PBKDF2 1 "June 2014" "Nettle 3.0" "Nettle tools" |
5 | .TH NETTLE\-PBKDF2 1 "June 2014" "Nettle 3.0" "Nettle tools" |
6 | .\" Please adjust this date whenever revising the manpage. |
6 | .\" Please adjust this date whenever revising the manpage. |
7 | .SH NAME |
7 | .SH NAME |
8 | nettle\-pbkdf2 \- Command-line password-based key derivation tool. |
8 | nettle\-pbkdf2 \- Command-line password-based key derivation tool. |
9 | .SH SYNOPSIS |
9 | .SH SYNOPSIS |
10 | .B nettle\-pbkdf2 |
10 | .B nettle\-pbkdf2 |
11 | .RI [ OPTIONS ] |
11 | .RI [ OPTIONS ] |
12 | .I SALT |
12 | .I SALT |
13 | .SH DESCRIPTION |
13 | .SH DESCRIPTION |
14 | This manual page documents briefly the |
14 | This manual page documents briefly the |
15 | .B nettle\-pbkdf2 |
15 | .B nettle\-pbkdf2 |
16 | command. |
16 | command. |
17 | This manual page was written for the Debian GNU/Linux distribution |
17 | This manual page was written for the Debian GNU/Linux distribution |
18 | because the original program does not have a manual page. |
18 | because the original program does not have a manual page. |
19 | .PP |
19 | .PP |
20 | .\" TeX users may be more comfortable with the \fB<whatever>\fP and |
20 | .\" TeX users may be more comfortable with the \fB<whatever>\fP and |
21 | .\" \fI<whatever>\fP escape sequences to invode bold face and italics, |
21 | .\" \fI<whatever>\fP escape sequences to invode bold face and italics, |
22 | .\" respectively. |
22 | .\" respectively. |
23 | \fBnettle\-pbkdf2\fP is a front-end for Nettle's PBKDF2 |
23 | \fBnettle\-pbkdf2\fP is a front-end for Nettle's PBKDF2 |
24 | (Password-Based Key Derivation Function 2) implementation. PBKDF2 |
24 | (Password-Based Key Derivation Function 2) implementation. PBKDF2 |
25 | applies a pseudo-random function to a passphrase together with a salt, |
25 | applies a pseudo-random function to a passphrase together with a salt, |
26 | producing a \fIderived key\fP of arbitrary length. By iterating the |
26 | producing a \fIderived key\fP of arbitrary length. By iterating the |
27 | process many times, feeding the output of each round as the input of |
27 | process many times, feeding the output of each round as the input of |
28 | the next, brute-force cracking of the password is made to take |
28 | the next, brute-force cracking of the password is made to take |
29 | correspondingly longer time. The use of a salt makes it harder to use |
29 | correspondingly longer time. The use of a salt makes it harder to use |
30 | dictionaries or rainbow tables. As computers become more powerful, the |
30 | dictionaries or rainbow tables. As computers become more powerful, the |
31 | number of iterations can be increased without changing the rest of the |
31 | number of iterations can be increased without changing the rest of the |
32 | algorithm. |
32 | algorithm. |
33 | .PP |
33 | .PP |
34 | The pseudo-random function used by this tool is currently HMAC-SHA256. |
34 | The pseudo-random function used by this tool is currently HMAC-SHA256. |
35 | .PP |
35 | .PP |
36 | The password is read from standard input and the resulting derived key |
36 | The password is read from standard input and the resulting derived key |
37 | is written to standard output in groups of 16 hexadecimal digits, |
37 | is written to standard output in groups of 16 hexadecimal digits, |
38 | unless the \-\-raw option is used. The salt and number of iterations |
38 | unless the \-\-raw option is used. The salt and number of iterations |
39 | are not included in the output. |
39 | are not included in the output. |
40 | .SH OPTIONS |
40 | .SH OPTIONS |
41 | This program follows the usual GNU command line syntax, with long |
41 | This program follows the usual GNU command line syntax, with long |
42 | options starting with two dashes (`-'). A summary of options is |
42 | options starting with two dashes (`-'). A summary of options is |
43 | included below. |
43 | included below. |
44 | .TP |
44 | .TP |
45 | .B \-l, \-\-length=\fIlength\fP |
45 | .B \-l, \-\-length=\fIlength\fP |
46 | Desired output length in octets. |
46 | Desired output length in octets. |
47 | .TP |
47 | .TP |
48 | .B \-\-raw |
48 | .B \-\-raw |
49 | Output derived key in raw binary format. |
49 | Output derived key in raw binary format. |
50 | .TP |
50 | .TP |
51 | .B \-\-hex-salt |
51 | .B \-\-hex-salt |
52 | Specifies that \fISALT\fP is provided in hexadecimal format. |
52 | Specifies that \fISALT\fP is provided in hexadecimal format. |
53 | .TP |
53 | .TP |
54 | .B \-\-help |
54 | .B \-\-help |
55 | Show summary of options. |
55 | Show summary of options. |
56 | .TP |
56 | .TP |
57 | .B \-V, \-\-version |
57 | .B \-V, \-\-version |
58 | Show version of program. |
58 | Show version of program. |
59 | .SH SEE ALSO |
59 | .SH SEE ALSO |
60 | .BR mkpasswd (1) , |
60 | .BR mkpasswd (1) , |
61 | .IR https://en.wikipedia.org/wiki/PBKDF2 |
61 | .IR https://en.wikipedia.org/wiki/PBKDF2 |
62 | .SH AUTHOR |
62 | .SH AUTHOR |
63 | This manual page was originally written by Magnus Holmgren <holmgren@debian.org>, |
63 | This manual page was originally written by Magnus Holmgren <holmgren@debian.org>, |
64 | for the Debian GNU/Linux system (but may be used by others). |
64 | for the Debian GNU/Linux system (but may be used by others). |