1
.\" $OpenBSD: moduli.5,v 1.7 2003/03/06 20:48:35 jmc Exp $
3
.\" Copyright 1997, 2000 William Allen Simpson <wsimpson@greendragon.com>
4
.\" All rights reserved.
6
.\" Redistribution and use in source and binary forms, with or without
7
.\" modification, are permitted provided that the following conditions
9
.\" 1. Redistributions of source code must retain the above copyright
10
.\" notice, this list of conditions and the following disclaimer.
11
.\" 2. Redistributions in binary form must reproduce the above copyright
12
.\" notice, this list of conditions and the following disclaimer in the
13
.\" documentation and/or other materials provided with the distribution.
14
.\" 3. All advertising materials mentioning features or use of this software
15
.\" must display the following acknowledgement:
16
.\" This product includes software designed by William Allen Simpson.
17
.\" 4. The name of the author may not be used to endorse or promote products
18
.\" derived from this software without specific prior written permission.
20
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
21
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
22
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
23
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
24
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
25
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31
.\" Manual page, using -mandoc macros
38
.Nd system moduli file
42
file contains the system-wide Diffie-Hellman prime moduli for
45
Each line in this file contains the following fields:
46
Time, Type, Tests, Tries, Size, Generator, Modulus.
47
The fields are separated by white space (tab or blank).
49
.Fa Time : yyyymmddhhmmss .
50
Specifies the system time that the line was appended to the file.
51
The value 00000000000000 means unknown (historic).
52
.\"The file is sorted in ascending order.
55
Specifies the internal structure of the prime modulus.
57
.Bl -tag -width indent -offset indent -compact
60
often learned from peer during protocol operation,
61
and saved for later analysis.
64
a common large number.
67
meets basic structural requirements.
71
Sophie-Germaine (q = (p-1)/2);
72
usually generated in the process of testing safe or strong primes.
75
useful for RSA public key generation.
78
.Fa Tests : decimal (bit field) .
79
Specifies the methods used in checking for primality.
80
Usually, more than one test is used.
82
.Bl -tag -width indent -offset indent -compact
85
often learned from peer during protocol operation,
86
and saved for later analysis.
89
failed one or more tests.
90
In this case, the highest bit specifies the test that failed.
93
checked for division by a range of smaller primes.
102
.Fa Tries : decimal .
103
Depends on the value of the highest valid Test bit,
104
where the method specified is:
106
.Bl -tag -width indent -offset indent -compact
115
number of primes sieved.
116
Commonly on the order of 32,000,000.
119
number of M-R iterations.
120
Commonly on the order of 32 to 64.
132
Specifies the number of significant bits.
134
.Fa Generator : hex string .
135
Specifies the best generator for a Diffie-Hellman exchange.
136
0 = unknown or variable,
139
.Fa Modulus : hex string .
142
The file is searched for moduli that meet the appropriate
143
Time, Size and Generator criteria.
144
When more than one meet the criteria,
145
the selection should be weighted toward newer moduli,
146
without completely disqualifying older moduli.
148
.Bl -tag -width /etc/ssh/moduli -compact
149
.It Pa /etc/ssh/moduli
added
removed
debian/moduli.5
