MODULI(5) BSD Reference Manual MODULI(5)

**moduli** - system moduli file

The */etc/moduli* file contains the system-wide Diffie-Hellman prime moduli
for sshd(8).
Each line in this file contains the following fields: Time, Type, Tests,
Tries, Size, Generator, Modulus. The fields are separated by white space
(tab or blank).
*Time: yyyymmddhhmmss*. Specifies the system time that the line was append-
ed to the file. The value 00000000000000 means unknown (historic).
*Type: decimal*. Specifies the internal structure of the prime modulus.
0: unknown; often learned from peer during protocol operation,
and saved for later analysis.
1: unstructured; a common large number.
2: safe (p = 2q + 1); meets basic structural requirements.
3: Schnorr.
4: Sophie-Germain (q = (p-1)/2); usually generated in the pro-
cess of testing safe or strong primes.
5: strong; useful for RSA public key generation.
*Tests: decimal (bit field*). Specifies the methods used in checking for
primality. Usually, more than one test is used.
0: not tested; often learned from peer during protocol opera-
tion, and saved for later analysis.
1: composite; failed one or more tests. In this case, the
highest bit specifies the test that failed.
2: sieve; checked for division by a range of smaller primes.
4: Miller-Rabin.
8: Jacobi.
16: Elliptic Curve.
*Tries: decimal*. Depends on the value of the highest valid Test bit, where
the method specified is:
0: not tested (always zero).
1: composite (irrelevant).
2: sieve; number of primes sieved. Commonly on the order of
32,000,000.
4: Miller-Rabin; number of M-R iterations. Commonly on the
order of 32 to 64.
8: Jacobi; unknown (always zero).
16: Elliptic Curve; unused (always zero).
*Size: decimal*. Specifies the number of the most significant bit (0 to M).
*Generator: hex string*. Specifies the best generator for a Diffie-Hellman
exchange. 0 = unknown or variable, 2, 3, 5, etc.
*Modulus: hex string*. The prime modulus.
The file is searched for moduli that meet the appropriate Time, Size and
Generator criteria. When more than one meet the criteria, the selection
should be weighted toward newer moduli, without completely disqualifying
older moduli.
New moduli may be generated using the ssh-keygen(1) tool.

/etc/moduli

ssh-keygen(1), sshd(8)
MirBSD #10-current July 28, 1997 1