]>
Commit | Line | Data |
---|---|---|
602aedb1 | 1 | .\" $OpenBSD: moduli.5,v 1.12 2008/06/26 05:57:54 djm Exp $ |
2 | .\" | |
3 | .\" Copyright (c) 2008 Damien Miller <djm@mindrot.org> | |
4 | .\" | |
5 | .\" Permission to use, copy, modify, and distribute this software for any | |
6 | .\" purpose with or without fee is hereby granted, provided that the above | |
7 | .\" copyright notice and this permission notice appear in all copies. | |
8 | .\" | |
9 | .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | |
10 | .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | |
11 | .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | |
12 | .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | |
13 | .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | |
14 | .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | |
15 | .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | |
16 | .Dd $Mdocdate: June 26 2008 $ | |
17 | .Dt MODULI 5 | |
18 | .Os | |
19 | .Sh NAME | |
20 | .Nm moduli | |
21 | .Nd Diffie Hellman moduli | |
22 | .Sh DESCRIPTION | |
23 | The | |
24 | .Pa /etc/moduli | |
25 | file contains prime numbers and generators for use by | |
26 | .Xr sshd 8 | |
27 | in the Diffie-Hellman Group Exchange key exchange method. | |
28 | .Pp | |
29 | New moduli may be generated with | |
30 | .Xr ssh-keygen 1 | |
31 | using a two-step process. | |
32 | An initial | |
33 | .Em candidate generation | |
34 | pass, using | |
35 | .Ic ssh-keygen -G , | |
36 | calculates numbers that are likely to be useful. | |
37 | A second | |
38 | .Em primality testing | |
39 | pass, using | |
40 | .Ic ssh-keygen -T | |
41 | provides a high degree of assurance that the numbers are prime and are | |
42 | safe for use in Diffie Hellman operations by | |
43 | .Xr sshd 8 . | |
44 | This | |
45 | .Nm | |
46 | format is used as the output from each pass. | |
47 | .Pp | |
48 | The file consists of newline-separated records, one per modulus, | |
49 | containing seven space separated fields. | |
50 | These fields are as follows: | |
51 | .Pp | |
52 | .Bl -tag -width Description -offset indent | |
53 | .It timestamp | |
54 | The time that the modulus was last processed as YYYYMMDDHHMMSS. | |
55 | .It type | |
56 | Decimal number specifying the internal structure of the prime modulus. | |
57 | Supported types are: | |
58 | .Pp | |
59 | .Bl -tag -width 0x00 -compact | |
60 | .It 0 | |
61 | Unknown, not tested | |
62 | .It 2 | |
63 | "Safe" prime; (p-1)/2 is also prime. | |
64 | .It 4 | |
65 | Sophie Germain; (p+1)*2 is also prime. | |
66 | .El | |
67 | .Pp | |
68 | Moduli candidates initially produced by | |
69 | .Xr ssh-keygen 1 | |
70 | are Sophie Germain primes (type 4). | |
71 | Futher primality testing with | |
72 | .Xr ssh-keygen 1 | |
73 | produces safe prime moduli (type 2) that are ready for use in | |
74 | .Xr sshd 8 . | |
75 | Other types are not used by OpenSSH. | |
76 | .It tests | |
77 | Decimal number indicating the type of primality tests that the number | |
78 | has been subjected to represented as a bitmask of the following values: | |
79 | .Pp | |
80 | .Bl -tag -width 0x00 -compact | |
81 | .It 0x00 | |
82 | Not tested | |
83 | .It 0x01 | |
84 | Composite number - not prime. | |
85 | .It 0x02 | |
86 | Sieve of Eratosthenes | |
87 | .It 0x04 | |
88 | Probabalistic Miller-Rabin primality tests. | |
89 | .El | |
90 | .Pp | |
91 | The | |
92 | .Xr ssh-keygen 1 | |
93 | moduli candidate generation uses the Sieve of Eratosthenes (flag 0x02). | |
94 | Subsequent | |
95 | .Xr ssh-keygen 1 | |
96 | primality tests are Miller-Rabin tests (flag 0x04). | |
97 | .It trials | |
98 | Decimal number indicating of primaility trials that have been performed | |
99 | on the modulus. | |
100 | .It size | |
101 | Decimal number indicating the size of the prime in bits. | |
102 | .It generator | |
103 | The recommended generator for use with this modulus (hexadecimal). | |
104 | .It modulus | |
105 | The modulus itself in hexadecimal. | |
106 | .El | |
107 | .Pp | |
108 | When performing Diffie Hellman Group Exchange, | |
109 | .Xr sshd 8 | |
110 | first estimates the size of the modulus required to produce enough | |
111 | Diffie Hellman output to sufficiently key the selected symmetric cipher. | |
112 | .Xr sshd 8 | |
113 | then randomly selects a modulus from | |
114 | .Fa /etc/moduli | |
115 | that best meets the size requirement. | |
116 | .Pp | |
117 | .Sh SEE ALSO | |
118 | .Xr ssh-keygen 1 , | |
119 | .Xr sshd 8 , | |
120 | .Rs | |
121 | .%R RFC 4419 | |
122 | .%T "Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol" | |
123 | .%D 2006 | |
124 | .Re |