Go to most recent revision | Details | Last modification | View Log | RSS feed
Rev | Author | Line No. | Line |
---|---|---|---|
125 | magnus | 1 | .\" Hey, EMACS: -*- nroff -*- |
2 | .\" First parameter, NAME, should be all caps |
||
3 | .\" Second parameter, SECTION, should be 1-8, maybe w/ subsection |
||
4 | .\" other parameters are allowed: see man(7), man(1) |
||
5 | .TH NETTLE\-PBKDF2 1 "June 2014" "Nettle 3.0" "Nettle tools" |
||
6 | .\" Please adjust this date whenever revising the manpage. |
||
7 | .SH NAME |
||
8 | nettle\-pbkdf2 \- Command-line password-based key derivation tool. |
||
9 | .SH SYNOPSIS |
||
10 | .B nettle\-pbkdf2 |
||
11 | .RI [ OPTIONS ] |
||
12 | .I SALT |
||
13 | .SH DESCRIPTION |
||
14 | This manual page documents briefly the |
||
15 | .B nettle\-pbkdf2 |
||
16 | command. |
||
17 | This manual page was written for the Debian GNU/Linux distribution |
||
18 | because the original program does not have a manual page. |
||
19 | .PP |
||
20 | .\" TeX users may be more comfortable with the \fB<whatever>\fP and |
||
21 | .\" \fI<whatever>\fP escape sequences to invode bold face and italics, |
||
22 | .\" respectively. |
||
23 | \fBnettle\-pbkdf2\fP is a front-end for Nettle's PBKDF2 |
||
24 | (Password-Based Key Derivation Function 2) implementation. PBKDF2 |
||
25 | applies a pseudo-random function to a passphrase together with a salt, |
||
26 | producing a \fIderived key\fP of arbitrary length. By iterating the |
||
27 | process many times, feeding the output of each round as the input of |
||
28 | the next, brute-force cracking of the password is made to take |
||
29 | correspondingly longer time. The use of a salt makes it harder to use |
||
30 | dictionaries or rainbow tables. As computers become more powerful, the |
||
31 | number of iterations can be increased without changing the rest of the |
||
32 | algorithm. |
||
33 | .PP |
||
34 | The pseudo-random function used by this tool is currently HMAC-SHA256. |
||
35 | .PP |
||
36 | The password is read from standard input and the resulting derived key |
||
37 | is written to standard output in groups of 16 hexadecimal digits, |
||
38 | unless the \-\-raw option is used. The salt and number of iterations |
||
39 | are not included in the output. |
||
40 | .SH OPTIONS |
||
41 | This program follows the usual GNU command line syntax, with long |
||
42 | options starting with two dashes (`-'). A summary of options is |
||
43 | included below. |
||
44 | .TP |
||
45 | .B \-l, \-\-length=\fIlength\fP |
||
46 | Desired output length in octets. |
||
47 | .TP |
||
48 | .B \-\-raw |
||
49 | Output derived key in raw binary format. |
||
50 | .TP |
||
51 | .B \-\-hex-salt |
||
52 | Specifies that \fISALT\fP is provided in hexadecimal format. |
||
53 | .TP |
||
54 | .B \-\-help |
||
55 | Show summary of options. |
||
56 | .TP |
||
57 | .B \-V, \-\-version |
||
58 | Show version of program. |
||
59 | .SH SEE ALSO |
||
60 | .BR mkpasswd (1) , |
||
61 | .IR https://en.wikipedia.org/wiki/PBKDF2 |
||
62 | .SH AUTHOR |
||
63 | This manual page was originally written by Magnus Holmgren <holmgren@debian.org>, |
||
64 | for the Debian GNU/Linux system (but may be used by others). |