Diffstat (limited to 'share')
-rw-r--r-- | share/man/man5/moduli.5 | 84 |
1 files changed, 43 insertions, 41 deletions
diff --git a/share/man/man5/moduli.5 b/share/man/man5/moduli.5 index da66604..32d7989 100644 --- a/share/man/man5/moduli.5 +++ b/share/man/man5/moduli.5 @@ -1,5 +1,4 @@ .\" $OpenBSD: moduli.5,v 1.3 2001/06/24 18:50:52 provos Exp $ -.\" $FreeBSD$ .\" .\" Copyright 1997, 2000 William Allen Simpson <wsimpson@greendragon.com> .\" All rights reserved. @@ -29,7 +28,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" Manual page, using -mandoc macros +.\" $FreeBSD$ .\" .Dd July 28, 1997 .Dt MODULI 5 @@ -39,7 +38,7 @@ .Nd system moduli file .Sh DESCRIPTION The -.Pa /etc/ssh/moduli +.Nm file contains the system-wide Diffie-Hellman prime moduli for the .Xr photurisd 8 and 
@@ -47,109 +46,112 @@ and programs. .Pp Each line in this file contains the following fields: -Time, Type, Tests, Tries, Size, Generator, Modulus. +.Va Time , Type , Tests , Tries , Size , Generator , +and +.Va Modulus . The fields are separated by white space (tab or blank). -.Pp -.Fa Time : yyyymmddhhmmss . +.Bl -tag -width indent +.It Va Time Pq Vt yyyymmddhhmmss Specifies the system time that the line was appended to the file. The value 00000000000000 means unknown (historic). .\"The file is sorted in ascending order. -.Pp -.Fa Type : decimal . +.It Va Type Pq Vt decimal Specifies the internal structure of the prime modulus. .Pp -.Bl -tag -width indent -offset indent -compact -.It 0 : +.Bl -tag -width indent -compact +.It 0 unknown; often learned from peer during protocol operation, and saved for later analysis. -.It 1 : +.It 1 unstructured; a common large number. -.It 2 : +.It 2 safe (p = 2q + 1); meets basic structural requirements. -.It 3 : +.It 3 Schnorr. -.It 4 : +.It 4 Sophie-Germaine (q = (p-1)/2); usually generated in the process of testing safe or strong primes. -.It 5 : +.It 5 strong; useful for RSA public key generation. .El -.Pp -.Fa Tests : decimal (bit field) . +.It Xo +.Va Tests Pq Vt decimal +(bit field) +.Xc Specifies the methods used in checking for primality. Usually, more than one test is used. .Pp -.Bl -tag -width indent -offset indent -compact -.It 0 : +.Bl -tag -width indent -compact +.It 0 not tested; often learned from peer during protocol operation, and saved for later analysis. -.It 1 : +.It 1 composite; failed one or more tests. In this case, the highest bit specifies the test that failed. -.It 2 : +.It 2 sieve; checked for division by a range of smaller primes. -.It 4 : +.It 4 Miller-Rabin. -.It 8 : +.It 8 Jacobi. -.It 16 : +.It 16 Elliptic Curve. .El -.Pp -.Fa Tries : decimal . 
+.It Va Tries Pq Vt decimal Depends on the value of the highest valid Test bit, where the method specified is: .Pp -.Bl -tag -width indent -offset indent -compact -.It 0 : +.Bl -tag -width indent -compact +.It 0 not tested (always zero). -.It 1 : +.It 1 composite (irrelevant). -.It 2 : +.It 2 sieve; number of primes sieved. Commonly on the order of 32,000,000. -.It 4 : +.It 4 Miller-Rabin; number of M-R iterations. Commonly on the order of 32 to 64. -.It 8 : +.It 8 Jacobi; unknown (always zero). -.It 16 : +.It 16 Elliptic Curve; unused (always zero). .El -.Pp -.Fa Size : decimal . +.It Va Size Pq Vt decimal Specifies the number of significant bits. -.Pp -.Fa Generator : hex string . +.It Va Generator Pq Vt "hex string" Specifies the best generator for a Diffie-Hellman exchange. 0 = unknown or variable, 2, 3, 5, etc. -.Pp -.Fa Modulus : hex string . +.It Va Modulus Pq Vt "hex string" The prime modulus. +.El .Pp The file is searched for moduli that meet the appropriate -Time, Size and Generator criteria. +.Va Time , Size +and +.Va Generator +criteria. When more than one meet the criteria, the selection should be weighted toward newer moduli, without completely disqualifying older moduli. .Sh FILES -.Bl -tag -width /etc/ssh/moduli -compact +.Bl -tag -width ".Pa /etc/ssh/moduli" -compact .It Pa /etc/ssh/moduli .El .Sh SEE ALSO |
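Review bot: In the hunk at @@ -39,7 +38,7 @@, swapping `.Pa /etc/ssh/moduli` for a bare `.Nm` removes the file's location from the opening sentence of DESCRIPTION, so the path is now given only in the FILES list at the end of the page. If that is intended, fine; otherwise keep the path somewhere in the first paragraph, since a reader of a section 5 page usually wants to know which file is being described before reading its format.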
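Review bot: In the last hunk (@@ -47,109 +46,112 @@), the closing paragraph still names only Time, Size and Generator as selection criteria, although the lists above it define Tests value 1 as "composite; failed one or more tests", Tests value 0 as "not tested" and Type 0 as "unknown". Since this paragraph is being re-marked anyway, it would be worth documenting whether lines carrying those Tests or Type values are skipped during the search, because a composite or untested modulus is not a sound basis for a Diffie-Hellman exchange. Two smaller points in the same hunk: the Tries item refers to "the highest valid Test bit" while the field is now marked up as `.Va Tests`, so that reference should use the same `.Va Tests` markup; and the unchanged Type 4 line spells the name "Sophie-Germaine", which should read "Sophie Germain".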