Copyright 1997, 2000 William Allen Simpson <wsimpson@greendragon.com>
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software
must display the following acknowledgement:
This product includes software designed by William Allen Simpson.
4. The name of the author may not be used to endorse or promote products
derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
$FreeBSD: stable/9/share/man/man5/moduli.5 97594 2002-05-30 13:13:05Z ru $
.Dd July 28, 1997 .Dt MODULI 5 .Os .Sh NAME .Nm moduli .Nd system moduli file .Sh DESCRIPTION The .Nm file contains the system-wide Diffie-Hellman prime moduli for the .Xr photurisd 8 and .Xr sshd 8 programs.
p
Each line in this file contains the following fields:
.Va Time , Type , Tests , Tries , Size , Generator ,
and
.Va Modulus .
The fields are separated by white space (tab or blank).
l -tag -width indent t Va Time Pq Vt yyyymmddhhmmss Specifies the system time that the line was appended to the file.
The value 00000000000000 means unknown (historic).
The file is sorted in ascending order.
t Va Type Pq Vt decimal Specifies the internal structure of the prime modulus.
p l -tag -width indent -compact t 0 unknown; often learned from peer during protocol operation, and saved for later analysis. t 1 unstructured; a common large number. t 2 safe (p = 2q + 1); meets basic structural requirements. t 3 Schnorr. t 4 Sophie-Germaine (q = (p-1)/2); usually generated in the process of testing safe or strong primes. t 5 strong; useful for RSA public key generation. .El t Xo .Va Tests Pq Vt decimal (bit field) .Xc Specifies the methods used in checking for primality. Usually, more than one test is used.
p l -tag -width indent -compact t 0 not tested; often learned from peer during protocol operation, and saved for later analysis. t 1 composite; failed one or more tests. In this case, the highest bit specifies the test that failed. t 2 sieve; checked for division by a range of smaller primes. t 4 Miller-Rabin. t 8 Jacobi. t 16 Elliptic Curve. .El t Va Tries Pq Vt decimal Depends on the value of the highest valid Test bit, where the method specified is:
p l -tag -width indent -compact t 0 not tested (always zero). t 1 composite (irrelevant). t 2 sieve; number of primes sieved. Commonly on the order of 32,000,000. t 4 Miller-Rabin; number of M-R iterations. Commonly on the order of 32 to 64. t 8 Jacobi; unknown (always zero). t 16 Elliptic Curve; unused (always zero). .El t Va Size Pq Vt decimal Specifies the number of significant bits. t Va Generator Pq Vt "hex string" Specifies the best generator for a Diffie-Hellman exchange. 0 = unknown or variable, 2, 3, 5, etc. t Va Modulus Pq Vt "hex string" The prime modulus. .El
p The file is searched for moduli that meet the appropriate .Va Time , Size and .Va Generator criteria. When more than one meet the criteria, the selection should be weighted toward newer moduli, without completely disqualifying older moduli. .Sh FILES l -tag -width ".Pa /etc/ssh/moduli" -compact t Pa /etc/ssh/moduli .El .Sh SEE ALSO .Xr photurisd 8 , .Xr sshd 8