diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2011-08-07 23:09:20 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2011-08-07 23:09:20 +1000 |
| commit | 578451ddda0f591b5186f005253af4c9f78c3321 (patch) | |
| tree | 285ca8c8fff1a6c6d1ecfc9da56564c2e346eafa | |
| parent | 765f8c4effc6afdb4fa26daf1f72c3b660abb220 (diff) | |
- (dtucker) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2008/06/26 06:59:39
[moduli.5]
tweak previous;
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | moduli.5 | 28 |
2 files changed, 19 insertions, 15 deletions
@@ -1,3 +1,9 @@ +20110807 + - (dtucker) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2008/06/26 06:59:39 + [moduli.5] + tweak previous; + 20110805 - OpenBSD CVS Sync - djm@cvs.openbsd.org 2011/06/23 23:35:42 @@ -1,4 +1,4 @@ -.\" $OpenBSD: moduli.5,v 1.12 2008/06/26 05:57:54 djm Exp $ +.\" $OpenBSD: moduli.5,v 1.13 2008/06/26 06:59:39 jmc Exp $ .\" .\" Copyright (c) 2008 Damien Miller <djm@mindrot.org> .\" @@ -22,7 +22,7 @@ .Sh DESCRIPTION The .Pa /etc/moduli -file contains prime numbers and generators for use by +file contains prime numbers and generators for use by .Xr sshd 8 in the Diffie-Hellman Group Exchange key exchange method. .Pp @@ -31,13 +31,13 @@ New moduli may be generated with using a two-step process. An initial .Em candidate generation -pass, using +pass, using .Ic ssh-keygen -G , calculates numbers that are likely to be useful. A second .Em primality testing pass, using -.Ic ssh-keygen -T +.Ic ssh-keygen -T , provides a high degree of assurance that the numbers are prime and are safe for use in Diffie Hellman operations by .Xr sshd 8 . @@ -46,9 +46,8 @@ This format is used as the output from each pass. .Pp The file consists of newline-separated records, one per modulus, -containing seven space separated fields. +containing seven space-separated fields. These fields are as follows: -.Pp .Bl -tag -width Description -offset indent .It timestamp The time that the modulus was last processed as YYYYMMDDHHMMSS. @@ -58,7 +57,7 @@ Supported types are: .Pp .Bl -tag -width 0x00 -compact .It 0 -Unknown, not tested +Unknown, not tested. .It 2 "Safe" prime; (p-1)/2 is also prime. .It 4 @@ -68,7 +67,7 @@ Sophie Germain; (p+1)*2 is also prime. Moduli candidates initially produced by .Xr ssh-keygen 1 are Sophie Germain primes (type 4). -Futher primality testing with +Further primality testing with .Xr ssh-keygen 1 produces safe prime moduli (type 2) that are ready for use in .Xr sshd 8 . @@ -79,11 +78,11 @@ has been subjected to represented as a bitmask of the following values: .Pp .Bl -tag -width 0x00 -compact .It 0x00 -Not tested +Not tested. .It 0x01 -Composite number - not prime. +Composite number \(en not prime. .It 0x02 -Sieve of Eratosthenes +Sieve of Eratosthenes. .It 0x04 Probabalistic Miller-Rabin primality tests. .El @@ -95,8 +94,8 @@ Subsequent .Xr ssh-keygen 1 primality tests are Miller-Rabin tests (flag 0x04). .It trials -Decimal number indicating of primaility trials that have been performed -on the modulus. +Decimal number indicating the number of primality trials +that have been performed on the modulus. .It size Decimal number indicating the size of the prime in bits. .It generator @@ -113,10 +112,9 @@ Diffie Hellman output to sufficiently key the selected symmetric cipher. then randomly selects a modulus from .Fa /etc/moduli that best meets the size requirement. -.Pp .Sh SEE ALSO .Xr ssh-keygen 1 , -.Xr sshd 8 , +.Xr sshd 8 .Rs .%R RFC 4419 .%T "Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol" |