diff options
Diffstat (limited to 'moduli.0')
-rw-r--r-- | moduli.0 | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/moduli.0 b/moduli.0 new file mode 100644 index 000000000..77dfa4295 --- /dev/null +++ b/moduli.0 | |||
@@ -0,0 +1,74 @@ | |||
1 | MODULI(5) OpenBSD Programmer's Manual MODULI(5) | ||
2 | |||
3 | NAME | ||
4 | moduli - Diffie-Hellman moduli | ||
5 | |||
6 | DESCRIPTION | ||
7 | The /etc/moduli file contains prime numbers and generators for use by | ||
8 | sshd(8) in the Diffie-Hellman Group Exchange key exchange method. | ||
9 | |||
10 | New moduli may be generated with ssh-keygen(1) using a two-step process. | ||
11 | An initial candidate generation pass, using ssh-keygen -G, calculates | ||
12 | numbers that are likely to be useful. A second primality testing pass, | ||
13 | using ssh-keygen -T, provides a high degree of assurance that the numbers | ||
14 | are prime and are safe for use in Diffie-Hellman operations by sshd(8). | ||
15 | This moduli format is used as the output from each pass. | ||
16 | |||
17 | The file consists of newline-separated records, one per modulus, | ||
18 | containing seven space-separated fields. These fields are as follows: | ||
19 | |||
20 | timestamp The time that the modulus was last processed as | ||
21 | YYYYMMDDHHMMSS. | ||
22 | |||
23 | type Decimal number specifying the internal structure of | ||
24 | the prime modulus. Supported types are: | ||
25 | |||
26 | 0 Unknown, not tested. | ||
27 | 2 "Safe" prime; (p-1)/2 is also prime. | ||
28 | 4 Sophie Germain; 2p+1 is also prime. | ||
29 | |||
30 | Moduli candidates initially produced by ssh-keygen(1) | ||
31 | are Sophie Germain primes (type 4). Further primality | ||
32 | testing with ssh-keygen(1) produces safe prime moduli | ||
33 | (type 2) that are ready for use in sshd(8). Other | ||
34 | types are not used by OpenSSH. | ||
35 | |||
36 | tests Decimal number indicating the type of primality tests | ||
37 | that the number has been subjected to represented as a | ||
38 | bitmask of the following values: | ||
39 | |||
40 | 0x00 Not tested. | ||
41 | 0x01 Composite number - not prime. | ||
42 | 0x02 Sieve of Eratosthenes. | ||
43 | 0x04 Probabilistic Miller-Rabin primality tests. | ||
44 | |||
45 | The ssh-keygen(1) moduli candidate generation uses the | ||
46 | Sieve of Eratosthenes (flag 0x02). Subsequent | ||
47 | ssh-keygen(1) primality tests are Miller-Rabin tests | ||
48 | (flag 0x04). | ||
49 | |||
50 | trials Decimal number indicating the number of primality | ||
51 | trials that have been performed on the modulus. | ||
52 | |||
53 | size Decimal number indicating the size of the prime in | ||
54 | bits. | ||
55 | |||
56 | generator The recommended generator for use with this modulus | ||
57 | (hexadecimal). | ||
58 | |||
59 | modulus The modulus itself in hexadecimal. | ||
60 | |||
61 | When performing Diffie-Hellman Group Exchange, sshd(8) first estimates | ||
62 | the size of the modulus required to produce enough Diffie-Hellman output | ||
63 | to sufficiently key the selected symmetric cipher. sshd(8) then randomly | ||
64 | selects a modulus from /etc/moduli that best meets the size requirement. | ||
65 | |||
66 | SEE ALSO | ||
67 | ssh-keygen(1), sshd(8) | ||
68 | |||
69 | STANDARDS | ||
70 | M. Friedl, N. Provos, and W. Simpson, Diffie-Hellman Group Exchange for | ||
71 | the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006, | ||
72 | 2006. | ||
73 | |||
74 | OpenBSD 5.3 September 26, 2012 OpenBSD 5.3 | ||