1.\" $OpenBSD: moduli.5,v 1.3 2001/06/24 18:50:52 provos Exp $ 2.\" $FreeBSD$ 3.\" 4.\" Copyright 1997, 2000 William Allen Simpson <wsimpson@greendragon.com> 5.\" All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 3. All advertising materials mentioning features or use of this software 16.\" must display the following acknowledgement: 17.\" This product includes software designed by William Allen Simpson. 18.\" 4. The name of the author may not be used to endorse or promote products 19.\" derived from this software without specific prior written permission. 20.\" 21.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 22.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 23.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 24.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 25.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 26.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 27.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 28.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 29.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 30.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 31.\" 32.\" Manual page, using -mandoc macros 33.\" 34.Dd July 28, 1997 35.Dt MODULI 5 36.Os 37.Sh NAME 38.Nm moduli 39.Nd system moduli file 40.Sh DESCRIPTION 41The 42.Pa /etc/ssh/moduli 43file contains the system-wide Diffie-Hellman prime moduli for the 44.Xr photurisd 8 45and 46.Xr sshd 8 47programs. 48.Pp 49Each line in this file contains the following fields: 50Time, Type, Tests, Tries, Size, Generator, Modulus. 51The fields are separated by white space (tab or blank). 52.Pp 53.Fa Time : yyyymmddhhmmss . 54Specifies the system time that the line was appended to the file. 55The value 00000000000000 means unknown (historic). 56.\"The file is sorted in ascending order. 57.Pp 58.Fa Type : decimal . 59Specifies the internal structure of the prime modulus. 60.Pp 61.Bl -tag -width indent -offset indent -compact 62.It 0 : 63unknown; 64often learned from peer during protocol operation, 65and saved for later analysis. 66.It 1 : 67unstructured; 68a common large number. 69.It 2 : 70safe (p = 2q + 1); 71meets basic structural requirements. 72.It 3 : 73Schnorr. 74.It 4 : 75Sophie-Germaine (q = (p-1)/2); 76usually generated in the process of testing safe or strong primes. 77.It 5 : 78strong; 79useful for RSA public key generation. 80.El 81.Pp 82.Fa Tests : decimal (bit field) . 83Specifies the methods used in checking for primality. 84Usually, more than one test is used. 85.Pp 86.Bl -tag -width indent -offset indent -compact 87.It 0 : 88not tested; 89often learned from peer during protocol operation, 90and saved for later analysis. 91.It 1 : 92composite; 93failed one or more tests. 94In this case, the highest bit specifies the test that failed. 95.It 2 : 96sieve; 97checked for division by a range of smaller primes. 98.It 4 : 99Miller-Rabin. 100.It 8 : 101Jacobi. 102.It 16 : 103Elliptic Curve. 104.El 105.Pp 106.Fa Tries : decimal . 107Depends on the value of the highest valid Test bit, 108where the method specified is: 109.Pp 110.Bl -tag -width indent -offset indent -compact 111.It 0 : 112not tested 113(always zero). 114.It 1 : 115composite 116(irrelevant). 117.It 2 : 118sieve; 119number of primes sieved. 120Commonly on the order of 32,000,000. 121.It 4 : 122Miller-Rabin; 123number of M-R iterations. 124Commonly on the order of 32 to 64. 125.It 8 : 126Jacobi; 127unknown 128(always zero). 129.It 16 : 130Elliptic Curve; 131unused 132(always zero). 133.El 134.Pp 135.Fa Size : decimal . 136Specifies the number of significant bits. 137.Pp 138.Fa Generator : hex string . 139Specifies the best generator for a Diffie-Hellman exchange. 1400 = unknown or variable, 1412, 3, 5, etc. 142.Pp 143.Fa Modulus : hex string . 144The prime modulus. 145.Pp 146The file is searched for moduli that meet the appropriate 147Time, Size and Generator criteria. 148When more than one meet the criteria, 149the selection should be weighted toward newer moduli, 150without completely disqualifying older moduli. 151.Sh FILES 152.Bl -tag -width /etc/ssh/moduli -compact 153.It Pa /etc/ssh/moduli 154.El 155.Sh SEE ALSO 156.Xr photurisd 8 , 157.Xr sshd 8 158