FAQ | Frequently Asked Questions

brought to you by your friendly
UC Davis Geology Department Computing Support Team

Q: What's a mekmitasdigoat?
A: From: John Ladwig: "My, what a fun little diversion this turned out to be. Research notes and literature search are appended, but the answer is provided by Dan Harkins, who was instrumental in bringing the term into common usage:"

Ref: http://monkey.org/openbsd/archive/misc/0101/msg01521.html
    It's from a menu for a Jamaican restaurant in Cary, NC (although
    the locals said, "You're not in North Carolina, you're in Cary.")
    The menu had helpful "Jamaican" phrases with their English
    equivalents and "I would like to try the goat please" was
    "mekmitasdigoat".  It should be parsed something along the lines
    of mek mi tas di goat. Say "ya mahn" (Peter Tosh style) about 10
    times and then try "mekmitasdigoat".

    We were attending the IPsec bakeoff sponsored by Cisco and that
    phrase became the pre-shared key for use in interoperability
    testing at the bakeoff and then it just stuck. It was canonized in
    the draft for use throughout the entire Internet for useful things
    like scaling authentication schemes to millions of users without
    that nasty trouble of having to actually have a certified public
    key. It's also useful for taking the human bottleneck out of
    certificate issuance! It's a hammer for every nail!

      Dan.

www.ietf.org/proceedings/98aug/I-D/draft-ietf-ipsec-internet-key-00.txt
Piper, Harkins                                                  [Page 2]

INTERNET DRAFT                                             April 1, 1998


   All security implementations that include support for pre-shared keys
   MUST be capable of supporting the Pre-Shared Key for the Internet.

   The pre-shared key for the Internet is 14 octets in length.  It is
   represented in ASCII as "mekmitasdigoat" without the accompanying
   quotation marks.  In hexadecimal it is represented as:
   0x6d656b6d697461736469676f6174.  There MUST NOT be any additional
   termination characters (such as a terminating NULL). 


There was a call for derivation on the apparent use TIS Labs ipsec mailing 
list, dated Tue, 27 Apr 1999 from John Gilmore, but no visible responses 
in that thread.  

Another use was 1 Jul, 1998, Dan Harkins, posting from Cisco, also notes 
an ID_KEY_ID "blob" value of "geukghisohfewh." [ This is believed to
be purely gibberish.] 

"mekmitasdigoat" also appears in:

www.ietf.org/internet-drafts/draft-hoffman-ipsec-testing-01.txt 
Internet Draft                                            Paul Hoffman
draft-hoffman-ipsec-testing-01.txt                      VPN Consortium
September 9, 2000                                   Michael Richardson
Expires in six months                         Sandelman Software Works
               Steps for IPsec Interoperability Testing

And, of course, the OpenBSD FAQ, but that's where this all came in.