MODULI(5) BSD Reference Manual MODULI(5)
moduli - system moduli file
The /etc/moduli file contains the system-wide Diffie-Hellman prime moduli for sshd(8). Each line in this file contains the following fields: Time, Type, Tests, Tries, Size, Generator, Modulus. The fields are separated by white space (tab or blank). Time: yyyymmddhhmmss. Specifies the system time that the line was append- ed to the file. The value 00000000000000 means unknown (historic). Type: decimal. Specifies the internal structure of the prime modulus. 0: unknown; often learned from peer during protocol operation, and saved for later analysis. 1: unstructured; a common large number. 2: safe (p = 2q + 1); meets basic structural requirements. 3: Schnorr. 4: Sophie-Germain (q = (p-1)/2); usually generated in the pro- cess of testing safe or strong primes. 5: strong; useful for RSA public key generation. Tests: decimal (bit field). Specifies the methods used in checking for primality. Usually, more than one test is used. 0: not tested; often learned from peer during protocol opera- tion, and saved for later analysis. 1: composite; failed one or more tests. In this case, the highest bit specifies the test that failed. 2: sieve; checked for division by a range of smaller primes. 4: Miller-Rabin. 8: Jacobi. 16: Elliptic Curve. Tries: decimal. Depends on the value of the highest valid Test bit, where the method specified is: 0: not tested (always zero). 1: composite (irrelevant). 2: sieve; number of primes sieved. Commonly on the order of 32,000,000. 4: Miller-Rabin; number of M-R iterations. Commonly on the order of 32 to 64. 8: Jacobi; unknown (always zero). 16: Elliptic Curve; unused (always zero). Size: decimal. Specifies the number of the most significant bit (0 to M). Generator: hex string. Specifies the best generator for a Diffie-Hellman exchange. 0 = unknown or variable, 2, 3, 5, etc. Modulus: hex string. The prime modulus. The file is searched for moduli that meet the appropriate Time, Size and Generator criteria. When more than one meet the criteria, the selection should be weighted toward newer moduli, without completely disqualifying older moduli. New moduli may be generated using the ssh-keygen(1) tool.
ssh-keygen(1), sshd(8) MirOS BSD #10-current July 28, 1997 1
Generated on 2013-10-31 22:57:03 by $MirOS: src/scripts/roff2htm,v 1.77 2013/01/01 20:49:09 tg Exp $
These manual pages and other documentation are copyrighted by their respective writers;
their source is available at our CVSweb,
AnonCVS, and other mirrors. The rest is Copyright © 2002‒2013 The MirOS Project, Germany.
This product includes material provided by Thorsten Glaser.
This manual page’s HTML representation is supposed to be valid XHTML/1.1; if not, please send a bug report – diffs preferred.