.\" $OpenBSD: moduli.5,v 1.19 2022/04/16 04:30:10 dtucker Exp $
.\"
.\" Copyright (c) 2008 Damien Miller <djm@mindrot.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.Dd $Mdocdate: April 16 2022 $
.Dt MODULI 5
.Os
.Sh NAME
.Nm moduli
.Nd Diffie-Hellman moduli
.Sh DESCRIPTION
The
.Pa /etc/moduli
file contains prime numbers and generators for use by
.Xr sshd 8
in the Diffie-Hellman Group Exchange key exchange method.
.Pp
New moduli may be generated with
.Xr ssh-keygen 1
using a two-step process.
An initial
.Em candidate generation
pass, using
.Ic ssh-keygen -M generate ,
calculates numbers that are likely to be useful.
A second
.Em primality testing
pass, using
.Ic ssh-keygen -M screen ,
provides a high degree of assurance that the numbers are prime and are
safe for use in Diffie-Hellman operations by
.Xr sshd 8 .
This
.Nm
format is used as the output from each pass.
.Pp
The file consists of newline-separated records, one per modulus,
containing seven space-separated fields.
These fields are as follows:
.Bl -tag -width Description -offset indent
.It timestamp
The time that the modulus was last processed as YYYYMMDDHHMMSS.
.It type
Decimal number specifying the internal structure of the prime modulus.
Supported types are:
.Pp
.Bl -tag -width 0x00 -compact
.It 0
Unknown, not tested.
.It 2
"Safe" prime; (p-1)/2 is also prime.
.It 4
Sophie Germain; 2p+1 is also prime.
.El
.Pp
Moduli candidates initially produced by
.Xr ssh-keygen 1
are Sophie Germain primes (type 4).
Further primality testing with
.Xr ssh-keygen 1
produces safe prime moduli (type 2) that are ready for use in
.Xr sshd 8 .
Other types are not used by OpenSSH.
.It tests
Decimal number indicating the type of primality tests that the number
has been subjected to, represented as a bitmask of the following values:
.Pp
.Bl -tag -width 0x00 -compact
.It 0x00
Not tested.
.It 0x01
Composite number \(en not prime.
.It 0x02
Sieve of Eratosthenes.
.It 0x04
Probabilistic Miller-Rabin primality tests.
.El
.Pp
The
.Xr ssh-keygen 1
moduli candidate generation uses the Sieve of Eratosthenes (flag 0x02).
Subsequent
.Xr ssh-keygen 1
primality tests are Miller-Rabin tests (flag 0x04).
.It trials
Decimal number indicating the number of primality trials
that have been performed on the modulus.
.It size
Decimal number indicating the size of the prime in bits.
.It generator
The recommended generator for use with this modulus (hexadecimal).
.It modulus
The modulus itself in hexadecimal.
.El
.Pp
When performing Diffie-Hellman Group Exchange,
.Xr sshd 8
first estimates the size of the modulus required to produce enough
Diffie-Hellman output to sufficiently key the selected symmetric cipher.
.Xr sshd 8
then randomly selects a modulus from
.Fa /etc/moduli
that best meets the size requirement.
.Sh SEE ALSO
.Xr ssh-keygen 1 ,
.Xr sshd 8
.Sh STANDARDS
.Rs
.%A M. Friedl
.%A N. Provos
.%A W. Simpson
.%D March 2006
.%R RFC 4419
.%T Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol
.Re
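.Sh EXAMPLES
The following Python sketch is an added example, not part of OpenSSH or of the original manual page.
It parses records in the seven-field format described above and reports entries that are not type 2, carry the composite flag, lack the Miller-Rabin flag, fall below a size threshold, or fail an independent primality re-check of p and (p-1)/2.
The names audit_record, is_probable_prime and SAMPLE, the 2048-bit default threshold, and the toy sample records are assumptions made for this example.

```python
import random

TYPE_SAFE, TEST_COMPOSITE, TEST_MILLER_RABIN = 2, 0x01, 0x04  # values from the field lists

def is_probable_prime(n, rounds=20):
    """Miller-Rabin re-check written for this example (not ssh-keygen's code)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def audit_record(line, min_bits=2048):  # min_bits is an assumed policy threshold
    """Return the problems found in one moduli record; an empty list means usable."""
    fields = line.split()
    if len(fields) != 7:
        return ["expected 7 fields, got %d" % len(fields)]
    try:
        mtype, tests = int(fields[1]), int(fields[2])
        int(fields[3]), int(fields[4]), int(fields[5], 16)  # trials, size, generator
        p = int(fields[6], 16)
    except ValueError:
        return ["malformed numeric field"]
    problems = []
    if mtype != TYPE_SAFE:
        problems.append("type %d is not a safe prime" % mtype)
    if tests & TEST_COMPOSITE:
        problems.append("flagged composite")
    if not tests & TEST_MILLER_RABIN:
        problems.append("no Miller-Rabin pass recorded")
    if p.bit_length() < min_bits:
        problems.append("modulus is only %d bits" % p.bit_length())
    if not (is_probable_prime(p) and is_probable_prime((p - 1) // 2)):
        problems.append("p or (p-1)/2 fails primality re-check")
    return problems

# Constructed toy records (8-bit numbers, far too small for real use).
SAMPLE = ["20240101000000 2 6 100 8 2 E3",   # 227: safe prime, sieve + Miller-Rabin
          "20240101000000 4 2 0 7 2 71",     # 113: Sophie Germain candidate, sieve only
          "20240101000000 2 1 0 8 2 DD"]     # 221 = 13 * 17, flagged composite
```

To audit a real file, call audit_record on each non-blank line that does not begin with '#' and review any record that returns a non-empty list.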