summaryrefslogtreecommitdiff
path: root/moduli.5
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2009-12-29 21:42:53 +0000
committerColin Watson <cjwatson@debian.org>2009-12-29 21:42:53 +0000
commit87552344215a38d3a2b0d4d63dc151e05978bbe1 (patch)
tree9f4b96055e6ccaa915e8d59d9f2805e9e119371d /moduli.5
parenta25ec0b132c44c9e341e08464ff830de06b81126 (diff)
parentef94e5613d37bcbf880f21ee6094e4b1c7683a4c (diff)
import openssh-5.1p1-gsskex-cjwatson-20080722.patch
Diffstat (limited to 'moduli.5')
-rw-r--r--moduli.5124
1 files changed, 124 insertions, 0 deletions
diff --git a/moduli.5 b/moduli.5
new file mode 100644
index 000000000..4a99439cc
--- /dev/null
+++ b/moduli.5
@@ -0,0 +1,124 @@
1.\" $OpenBSD: moduli.5,v 1.12 2008/06/26 05:57:54 djm Exp $
2.\"
3.\" Copyright (c) 2008 Damien Miller <djm@mindrot.org>
4.\"
5.\" Permission to use, copy, modify, and distribute this software for any
6.\" purpose with or without fee is hereby granted, provided that the above
7.\" copyright notice and this permission notice appear in all copies.
8.\"
9.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16.Dd $Mdocdate: June 26 2008 $
17.Dt MODULI 5
18.Os
19.Sh NAME
20.Nm moduli
21.Nd Diffie Hellman moduli
22.Sh DESCRIPTION
23The
24.Pa /etc/moduli
25file contains prime numbers and generators for use by
26.Xr sshd 8
27in the Diffie-Hellman Group Exchange key exchange method.
28.Pp
29New moduli may be generated with
30.Xr ssh-keygen 1
31using a two-step process.
32An initial
33.Em candidate generation
34pass, using
35.Ic ssh-keygen -G ,
36calculates numbers that are likely to be useful.
37A second
38.Em primality testing
39pass, using
40.Ic ssh-keygen -T
41provides a high degree of assurance that the numbers are prime and are
42safe for use in Diffie Hellman operations by
43.Xr sshd 8 .
44This
45.Nm
46format is used as the output from each pass.
47.Pp
48The file consists of newline-separated records, one per modulus,
49containing seven space separated fields.
50These fields are as follows:
51.Pp
52.Bl -tag -width Description -offset indent
53.It timestamp
54The time that the modulus was last processed as YYYYMMDDHHMMSS.
55.It type
56Decimal number specifying the internal structure of the prime modulus.
57Supported types are:
58.Pp
59.Bl -tag -width 0x00 -compact
60.It 0
61Unknown, not tested
62.It 2
63"Safe" prime; (p-1)/2 is also prime.
64.It 4
65Sophie Germain; (p+1)*2 is also prime.
66.El
67.Pp
68Moduli candidates initially produced by
69.Xr ssh-keygen 1
70are Sophie Germain primes (type 4).
71Futher primality testing with
72.Xr ssh-keygen 1
73produces safe prime moduli (type 2) that are ready for use in
74.Xr sshd 8 .
75Other types are not used by OpenSSH.
76.It tests
77Decimal number indicating the type of primality tests that the number
78has been subjected to represented as a bitmask of the following values:
79.Pp
80.Bl -tag -width 0x00 -compact
81.It 0x00
82Not tested
83.It 0x01
84Composite number - not prime.
85.It 0x02
86Sieve of Eratosthenes
87.It 0x04
88Probabalistic Miller-Rabin primality tests.
89.El
90.Pp
91The
92.Xr ssh-keygen 1
93moduli candidate generation uses the Sieve of Eratosthenes (flag 0x02).
94Subsequent
95.Xr ssh-keygen 1
96primality tests are Miller-Rabin tests (flag 0x04).
97.It trials
98Decimal number indicating of primaility trials that have been performed
99on the modulus.
100.It size
101Decimal number indicating the size of the prime in bits.
102.It generator
103The recommended generator for use with this modulus (hexadecimal).
104.It modulus
105The modulus itself in hexadecimal.
106.El
107.Pp
108When performing Diffie Hellman Group Exchange,
109.Xr sshd 8
110first estimates the size of the modulus required to produce enough
111Diffie Hellman output to sufficiently key the selected symmetric cipher.
112.Xr sshd 8
113then randomly selects a modulus from
114.Fa /etc/moduli
115that best meets the size requirement.
116.Pp
117.Sh SEE ALSO
118.Xr ssh-keygen 1 ,
119.Xr sshd 8 ,
120.Rs
121.%R RFC 4419
122.%T "Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol"
123.%D 2006
124.Re