Rev 125 | Blame | Compare with Previous | Last modification | View Log | RSS feed
.\" Hey, EMACS: -*- nroff -*-
.\" First parameter, NAME, should be all caps
.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
.\" other parameters are allowed: see man(7), man(1)
.TH NETTLE\-PBKDF2 1 "June 2014" "Nettle 3.0" "Nettle tools"
.\" Please adjust this date whenever revising the manpage.
.SH NAME
nettle\-pbkdf2 \- Command-line password-based key derivation tool.
.SH SYNOPSIS
.B nettle\-pbkdf2
.RI [ OPTIONS ]
.I SALT
.SH DESCRIPTION
This manual page documents briefly the
.B nettle\-pbkdf2
command.
This manual page was written for the Debian GNU/Linux distribution
because the original program does not have a manual page.
.PP
.\" TeX users may be more comfortable with the \fB<whatever>\fP and
.\" \fI<whatever>\fP escape sequences to invode bold face and italics,
.\" respectively.
\fBnettle\-pbkdf2\fP is a front-end for Nettle's PBKDF2
(Password-Based Key Derivation Function 2) implementation. PBKDF2
applies a pseudo-random function to a passphrase together with a salt,
producing a \fIderived key\fP of arbitrary length. By iterating the
process many times, feeding the output of each round as the input of
the next, brute-force cracking of the password is made to take
correspondingly longer time. The use of a salt makes it harder to use
dictionaries or rainbow tables. As computers become more powerful, the
number of iterations can be increased without changing the rest of the
algorithm.
.PP
The pseudo-random function used by this tool is currently HMAC-SHA256.
.PP
The password is read from standard input and the resulting derived key
is written to standard output in groups of 16 hexadecimal digits,
unless the \-\-raw option is used. The salt and number of iterations
are not included in the output.
.SH OPTIONS
This program follows the usual GNU command line syntax, with long
options starting with two dashes (`-'). A summary of options is
included below.
.TP
.B \-l, \-\-length=\fIlength\fP
Desired output length in octets.
.TP
.B \-\-raw
Output derived key in raw binary format.
.TP
.B \-\-hex-salt
Specifies that \fISALT\fP is provided in hexadecimal format.
.TP
.B \-\-help
Show summary of options.
.TP
.B \-V, \-\-version
Show version of program.
.SH SEE ALSO
.BR mkpasswd (1) ,
.IR https://en.wikipedia.org/wiki/PBKDF2
.SH AUTHOR
This manual page was originally written by Magnus Holmgren <holmgren@debian.org>,
for the Debian GNU/Linux system (but may be used by others).