MODULI(5) MidnightBSD File Formats Manual MODULI(5)

**NAME**

**moduli** — system moduli
file

**DESCRIPTION**

The **moduli** file contains the
system-wide Diffie-Hellman prime moduli for the photurisd(8) and
sshd(8) programs.

Each line in this file
contains the following fields: *Time*, *Type*,
*Tests*, *Tries*, *Size*, *Generator*, and
*Modulus*. The fields are separated by white space (tab or
blank).

*Time*
(*yyyymmddhhmmss*)

Specifies the system time that the line was appended to the file. The value 00000000000000 means unknown (historic).

*Type*
(*decimal*)

Specifies the internal structure of the prime modulus.

0

unknown; often learned from peer during protocol operation, and saved for later analysis.

1

unstructured; a common large number.

2

safe (p = 2q + 1); meets basic structural requirements.

3

Schnorr.

4

Sophie-Germaine (q = (p-1)/2); usually generated in the process of testing safe or strong primes.

5

strong; useful for RSA public key generation.

*Tests*
(*decimal*) (bit field)

Specifies the methods used in checking for primality. Usually, more than one test is used.

0

not tested; often learned from peer during protocol operation, and saved for later analysis.

1

composite; failed one or more tests. In this case, the highest bit specifies the test that failed.

2

sieve; checked for division by a range of smaller primes.

4

Miller-Rabin.

8

Jacobi.

16

Elliptic Curve.

*Tries*
(*decimal*)

Depends on the value of the highest valid Test bit, where the method specified is:

0

not tested (always zero).

1

composite (irrelevant).

2

sieve; number of primes sieved. Commonly on the order of 32,000,000.

4

Miller-Rabin; number of M-R iterations. Commonly on the order of 32 to 64.

8

Jacobi; unknown (always zero).

16

Elliptic Curve; unused (always zero).

*Size*
(*decimal*)

Specifies the number of significant bits.

*Generator* (*hex
string*)

Specifies the best generator for a Diffie-Hellman exchange. 0 = unknown or variable, 2, 3, 5, etc.

*Modulus* (*hex
string*)

The prime modulus.

The file is searched for
moduli that meet the appropriate *Time*, *Size* and
*Generator* criteria. When more than one meet the criteria,
the selection should be weighted toward newer moduli, without
completely disqualifying older moduli.

**FILES**

/etc/ssh/moduli

SEE ALSO

photurisd(8), sshd(8)

MidnightBSD 0.3 July 28, 1997 MidnightBSD 0.3