xref: /dflybsd-src/crypto/openssh/moduli.5 (revision 95577b5e0147377b730485d25b052a4472277761)
.\"	$OpenBSD: moduli.5,v 1.19 2022/04/16 04:30:10 dtucker Exp $
.\"
.\" Copyright (c) 2008 Damien Miller <djm@mindrot.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.Dd $Mdocdate: April 16 2022 $
.Dt MODULI 5
.Os
.Sh NAME
.Nm moduli
.Nd Diffie-Hellman moduli
.Sh DESCRIPTION
The
.Pa /etc/moduli
file contains prime numbers and generators for use by
.Xr sshd 8
in the Diffie-Hellman Group Exchange key exchange method.
.Pp
New moduli may be generated with
.Xr ssh-keygen 1
using a two-step process.
An initial
.Em candidate generation
pass, using
.Ic ssh-keygen -M generate ,
calculates numbers that are likely to be useful.
A second
.Em primality testing
pass, using
.Ic ssh-keygen -M screen ,
provides a high degree of assurance that the numbers are prime and are
safe for use in Diffie-Hellman operations by
.Xr sshd 8 .
This
.Nm
format is used as the output from each pass.
.Pp
The file consists of newline-separated records, one per modulus,
containing seven space-separated fields.
These fields are as follows:
.Bl -tag -width Description -offset indent
.It timestamp
The time that the modulus was last processed as YYYYMMDDHHMMSS.
.It type
Decimal number specifying the internal structure of the prime modulus.
Supported types are:
.Pp
.Bl -tag -width 0x00 -compact
.It 0
Unknown, not tested.
.It 2
"Safe" prime; (p-1)/2 is also prime.
.It 4
Sophie Germain; 2p+1 is also prime.
.El
.Pp
Moduli candidates initially produced by
.Xr ssh-keygen 1
are Sophie Germain primes (type 4).
Further primality testing with
.Xr ssh-keygen 1
produces safe prime moduli (type 2) that are ready for use in
.Xr sshd 8 .
Other types are not used by OpenSSH.
.It tests
Decimal number indicating the type of primality tests that the number
has been subjected to, represented as a bitmask of the following values:
.Pp
.Bl -tag -width 0x00 -compact
.It 0x00
Not tested.
.It 0x01
Composite number \(en not prime.
.It 0x02
Sieve of Eratosthenes.
.It 0x04
Probabilistic Miller-Rabin primality tests.
.El
.Pp
The
.Xr ssh-keygen 1
moduli candidate generation uses the Sieve of Eratosthenes (flag 0x02).
Subsequent
.Xr ssh-keygen 1
primality tests are Miller-Rabin tests (flag 0x04).
.It trials
Decimal number indicating the number of primality trials
that have been performed on the modulus.
.It size
Decimal number indicating the size of the prime in bits.
.It generator
The recommended generator for use with this modulus (hexadecimal).
.It modulus
The modulus itself in hexadecimal.
.El
.Pp
When performing Diffie-Hellman Group Exchange,
.Xr sshd 8
first estimates the size of the modulus required to produce enough
Diffie-Hellman output to sufficiently key the selected symmetric cipher.
.Xr sshd 8
then randomly selects a modulus from
.Fa /etc/moduli
that best meets the size requirement.
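.Pp
An added example, not part of this manual page or of OpenSSH: a Python audit of the seven-field record format described above that checks each record's type, tests and size fields and independently re-tests the modulus as a safe prime with Miller-Rabin.
The names parse_moduli, is_probable_prime and audit, the min_bits threshold, the skipping of '#' comment lines and the toy sample records are assumptions of this example.

```python
import random
from collections import namedtuple

Record = namedtuple("Record", "timestamp type tests trials size generator modulus")

def parse_moduli(text):
    # One Record per 7-field line; blank lines and '#' comment lines are skipped.
    for n, line in enumerate(text.splitlines(), 1):
        f = line.split()
        if not f or f[0].startswith("#"):
            continue
        if len(f) != 7:
            raise ValueError(f"line {n}: expected 7 fields, got {len(f)}")
        yield Record(f[0], *map(int, f[1:5]), int(f[5], 16), int(f[6], 16))

def is_probable_prime(n, rounds=20):
    # Trial division by small primes, then Miller-Rabin with random bases.
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23)
    if n < 2 or any(n % p == 0 for p in small):
        return n in small
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x not in (1, n - 1) and all(pow(x, 2 ** r, n) != n - 1 for r in range(1, s)):
            return False
    return True

def audit(rec, min_bits):
    # Reasons a record is not a screened safe prime of at least min_bits.
    p = rec.modulus
    checks = [
        (rec.type != 2, "type is not 2 (safe prime)"),
        (rec.tests & 0x01 or not rec.tests & 0x04, "no clean Miller-Rabin pass"),
        (rec.size < min_bits, "size below minimum"),
        (not (is_probable_prime(p) and is_probable_prime((p - 1) // 2)),
         "modulus is not a safe prime"),
    ]
    return [reason for failed, reason in checks if failed]

# Constructed toy records (real moduli are thousands of bits long).
SAMPLE = """\
# Time Type Tests Tries Size Generator Modulus
20240101000000 2 6 100 11 2 7F7
20240101000000 4 2 0 10 0 3FB
20240101000000 2 6 100 11 2 7FF
"""
```

The third sample record carries type 2 and tests 6 but its modulus is composite, so only the independent primality check catches it; the second is an unscreened candidate as left by the generation pass.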
.Sh SEE ALSO
.Xr ssh-keygen 1 ,
.Xr sshd 8
.Sh STANDARDS
.Rs
.%A M. Friedl
.%A N. Provos
.%A W. Simpson
.%D March 2006
.%R RFC 4419
.%T Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol
.Re