The original passtokey took an (at most) 8-byte key and turned it into a 56-bit DES key. The easiest way to do it was to throw out the high-order bit, since it conveyed no information in ASCII, a 7-bit encoding. It survived our excursion into UTF encoding mostly by inertia and a desire not to retype everyone's keys into the auth server should we do something else, like take 56 bits of the sha1 encoding of the key + a salt.
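An added example (not the original passtokey source) of what the two derivations described above do to UTF-8 passwords: dropping the high bit makes distinct inputs map to the same 56-bit key, while 56 bits of a salted SHA-1 does not. The bit order, zero padding, concatenation order, sample passwords and salt are assumptions made for this sketch.

```python
import hashlib

SALT = b"constructed-salt"  # constructed sample value, not from the page


def pack7(password: bytes) -> bytes:
    """Keep the low 7 bits of each of (at most) 8 bytes -> 56-bit key.

    Assumption: short inputs are zero-padded and bits are packed
    big-endian; the page does not specify the layout.
    """
    buf = password[:8].ljust(8, b"\0")
    acc = 0
    for b in buf:
        acc = (acc << 7) | (b & 0x7F)  # high-order bit is thrown away
    return acc.to_bytes(7, "big")      # 8 * 7 = 56 bits


def sha1_key(password: bytes, salt: bytes = SALT) -> bytes:
    """The alternative the text mentions: 56 bits of SHA-1 over
    password + salt (concatenation order is an assumption)."""
    return hashlib.sha1(password + salt).digest()[:7]


def collisions(pairs, derive):
    """Return the pairs of distinct passwords that derive the same key."""
    return [(a, b) for a, b in pairs if a != b and derive(a) == derive(b)]


# Constructed sample passwords.
PAIRS = [
    # U+00E9 is C3 A9 in UTF-8; masked with 0x7F it becomes 43 29 = "C)".
    ("caf\u00e9".encode("utf-8"), b"cafC)"),
    # Anything past the eighth byte never reaches the key.
    (b"correcthorse", b"correcthXYZ"),
]

if __name__ == "__main__":
    print("high-bit drop collisions:", collisions(PAIRS, pack7))
    print("salted SHA-1 collisions: ", collisions(PAIRS, sha1_key))
```

Both constructed pairs collide under the high-bit-dropping derivation and neither collides under the salted hash.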