1.\" $NetBSD: moduli.5,v 1.6 2023/10/25 20:19:57 christos Exp $ 2.\" $OpenBSD: moduli.5,v 1.7 2003/03/06 20:48:35 jmc Exp $ 3.\" 4.\" Copyright 1997, 2000 William Allen Simpson <wsimpson@greendragon.com> 5.\" All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 3. All advertising materials mentioning features or use of this software 16.\" must display the following acknowledgement: 17.\" This product includes software designed by William Allen Simpson. 18.\" 4. The name of the author may not be used to endorse or promote products 19.\" derived from this software without specific prior written permission. 20.\" 21.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 22.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 23.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 24.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 25.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 26.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 27.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 28.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 29.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 30.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 31.\" 32.\" Manual page, using -mandoc macros 33.\" 34.Dd February 7, 2005 35.Dt MODULI 5 36.Os 37.Sh NAME 38.Nm moduli 39.Nd system moduli file 40.Sh DESCRIPTION 41The 42.Pa /etc/moduli 43file contains the system-wide Diffie-Hellman prime moduli for 44.Xr sshd 8 . 45.Pp 46Each line in this file contains the following fields: 47Time, Type, Tests, Tries, Size, Generator, Modulus. 48The fields are separated by white space (tab or blank). 49.Pp 50.Fa Time : yyyymmddhhmmss . 51Specifies the system time that the line was appended to the file. 52The value 00000000000000 means unknown (historic). 53.\"The file is sorted in ascending order. 54.Pp 55.Fa Type : decimal . 56Specifies the internal structure of the prime modulus. 57.Pp 58.Bl -tag -width indent -offset indent -compact 59.It 0 : 60unknown; 61often learned from peer during protocol operation, 62and saved for later analysis. 63.It 1 : 64unstructured; 65a common large number. 66.It 2 : 67safe (p = 2q + 1); 68meets basic structural requirements. 69.It 3 : 70Schnorr. 71.It 4 : 72Sophie-Germaine (q = (p-1)/2); 73usually generated in the process of testing safe or strong primes. 74.It 5 : 75strong; 76useful for RSA public key generation. 77.El 78.Pp 79.Fa Tests : decimal (bit field) . 80Specifies the methods used in checking for primality. 81Usually, more than one test is used. 82.Pp 83.Bl -tag -width indent -offset indent -compact 84.It 0 : 85not tested; 86often learned from peer during protocol operation, 87and saved for later analysis. 88.It 1 : 89composite; 90failed one or more tests. 91In this case, the highest bit specifies the test that failed. 92.It 2 : 93sieve; 94checked for division by a range of smaller primes. 95.It 4 : 96Miller-Rabin. 97.It 8 : 98Jacobi. 99.It 16 : 100Elliptic Curve. 101.El 102.Pp 103.Fa Tries : decimal . 104Depends on the value of the highest valid Test bit, 105where the method specified is: 106.Pp 107.Bl -tag -width indent -offset indent -compact 108.It 0 : 109not tested 110(always zero). 111.It 1 : 112composite 113(irrelevant). 114.It 2 : 115sieve; 116number of primes sieved. 117Commonly on the order of 32,000,000. 118.It 4 : 119Miller-Rabin; 120number of M-R iterations. 121Commonly on the order of 32 to 64. 122.It 8 : 123Jacobi; 124unknown 125(always zero). 126.It 16 : 127Elliptic Curve; 128unused 129(always zero). 130.El 131.Pp 132.Fa Size : decimal . 133Specifies the number of the most significant bit (0 to M). 134.Pp 135.Fa Generator : hex string . 136Specifies the best generator for a Diffie-Hellman exchange. 1370 = unknown or variable, 1382, 3, 5, etc. 139.Pp 140.Fa Modulus : hex string . 141The prime modulus. 142.Pp 143The file should be searched for moduli that meet the appropriate 144Time, Size and Generator criteria. 145When more than one meet the criteria, 146the selection should be weighted toward newer moduli, 147without completely disqualifying older moduli. 148.Pp 149Note that 150.Xr sshd 8 151uses only the Size criteria and then selects a modulus at random 152if more than one meet the Size criteria. 153.Sh FILES 154.Bl -tag -width /etc/moduli -compact 155.It Pa /etc/moduli 156.El 157.Sh SEE ALSO 158.Xr qsieve 1 , 159.Xr sshd 8 160.Sh HISTORY 161The 162.Nm 163file appeared in 164.Ox 2.8 165and 166.Nx 1.6 . 167