MODULI(5)                 OpenBSD Programmer's Manual                MODULI(5)

NAME
     moduli - Diffie-Hellman moduli

DESCRIPTION
     The /etc/moduli file contains prime numbers and generators for use by
     sshd(8) in the Diffie-Hellman Group Exchange key exchange method.

     New moduli may be generated with ssh-keygen(1) using a two-step process.
     An initial candidate generation pass, using ssh-keygen -G, calculates
     numbers that are likely to be useful.  A second primality testing pass,
     using ssh-keygen -T, provides a high degree of assurance that the numbers
     are prime and are safe for use in Diffie-Hellman operations by sshd(8).
     This moduli format is used as the output from each pass.

     The file consists of newline-separated records, one per modulus,
     containing seven space-separated fields.  These fields are as follows:

           timestamp    The time that the modulus was last processed as
                        YYYYMMDDHHMMSS.

           type         Decimal number specifying the internal structure of
                        the prime modulus.  Supported types are:

                        0     Unknown, not tested.
                        2     "Safe" prime; (p-1)/2 is also prime.
                        4     Sophie Germain; 2p+1 is also prime.

                        Moduli candidates initially produced by ssh-keygen(1)
                        are Sophie Germain primes (type 4).  Further primality
                        testing with ssh-keygen(1) produces safe prime moduli
                        (type 2) that are ready for use in sshd(8).  Other
                        types are not used by OpenSSH.

           tests        Decimal number indicating the type of primality tests
                        that the number has been subjected to represented as a
                        bitmask of the following values:

                        0x00  Not tested.
                        0x01  Composite number - not prime.
                        0x02  Sieve of Eratosthenes.
                        0x04  Probabilistic Miller-Rabin primality tests.

                        The ssh-keygen(1) moduli candidate generation uses the
                        Sieve of Eratosthenes (flag 0x02).  Subsequent
                        ssh-keygen(1) primality tests are Miller-Rabin tests
                        (flag 0x04).

           trials       Decimal number indicating the number of primality
                        trials that have been performed on the modulus.

           size         Decimal number indicating the size of the prime in
                        bits.

           generator    The recommended generator for use with this modulus
                        (hexadecimal).

           modulus      The modulus itself in hexadecimal.

     When performing Diffie-Hellman Group Exchange, sshd(8) first estimates
     the size of the modulus required to produce enough Diffie-Hellman output
     to sufficiently key the selected symmetric cipher.  sshd(8) then randomly
     selects a modulus from /etc/moduli that best meets the size requirement.

SEE ALSO
     ssh-keygen(1), sshd(8)

STANDARDS
     M. Friedl, N. Provos, and W. Simpson, Diffie-Hellman Group Exchange for
     the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006.

OpenBSD 5.5                   September 26, 2012                   OpenBSD 5.5
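
The record format described under DESCRIPTION can be parsed and audited as follows. This is an added example, not code from OpenSSH or from this manual page. The names parse_moduli, audit and min_size are hypothetical, the sample records are constructed toy values, and skipping lines that start with "#" is an assumption the page does not state.

```python
from collections import namedtuple

COMPOSITE, SIEVE, MILLER_RABIN = 0x01, 0x02, 0x04  # "tests" bitmask values
SAFE_PRIME = 2                                     # "type" value ready for sshd
Record = namedtuple("Record", "timestamp type tests trials size generator modulus")

# Constructed sample records (assumption: toy-sized values, not real moduli).
SAMPLE = """\
# constructed sample, toy-sized values, not real moduli
20120926000000 2 6 100 7 2 A7
20120926000000 4 2 0 7 2 83
20120926000000 2 6 100 4 2 17
20120926000000 2 1 0 7 2 A5
"""

def parse_moduli(text):
    """Parse moduli(5) text into Records; blank and '#' lines are skipped."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        ts, typ, tests, trials, size, gen, mod = fields
        if len(ts) != 14 or not ts.isdigit():
            raise ValueError(f"line {lineno}: timestamp is not YYYYMMDDHHMMSS")
        # type, tests, trials and size are decimal; generator and modulus are hex
        records.append(Record(ts, int(typ), int(tests), int(trials),
                              int(size), int(gen, 16), int(mod, 16)))
    return records

def audit(rec, min_size):
    """Return the reasons a record is not ready for use by sshd (empty if none)."""
    problems = []
    if rec.type != SAFE_PRIME:
        problems.append("not a safe prime (type 2)")
    if rec.tests & COMPOSITE:
        problems.append("flagged composite (0x01)")
    if not rec.tests & MILLER_RABIN:
        problems.append("no Miller-Rabin test (0x04)")
    if rec.size < min_size:
        problems.append("size below minimum")
    return problems

if __name__ == "__main__":
    for r in parse_moduli(SAMPLE):
        print(f"{r.modulus:X}", audit(r, min_size=7) or "ok")
```

The min_size threshold is the operator's own policy value; the audit reads only the declared fields and does not re-test primality.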