mirror of
https://github.com/PowerShell/openssh-portable.git
synced 2025-07-30 01:05:14 +02:00
- (dtucker) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2008/06/26 06:59:39 [moduli.5] tweak previous;
This commit is contained in:
Darren Tucker
parent
765f8c4eff
commit
578451ddda
@ -1,3 +1,9 @@
|
|||||||
|
20110807
|
||||||
|
- (dtucker) OpenBSD CVS Sync
|
||||||
|
- jmc@cvs.openbsd.org 2008/06/26 06:59:39
|
||||||
|
[moduli.5]
|
||||||
|
tweak previous;
|
||||||
|
|
||||||
20110805
|
20110805
|
||||||
- OpenBSD CVS Sync
|
- OpenBSD CVS Sync
|
||||||
- djm@cvs.openbsd.org 2011/06/23 23:35:42
|
- djm@cvs.openbsd.org 2011/06/23 23:35:42
|
||||||
|
|||||||
28
moduli.5
28
moduli.5
@ -1,4 +1,4 @@
|
|||||||
.\" $OpenBSD: moduli.5,v 1.12 2008/06/26 05:57:54 djm Exp $
|
.\" $OpenBSD: moduli.5,v 1.13 2008/06/26 06:59:39 jmc Exp $
|
||||||
.\"
|
.\"
|
||||||
.\" Copyright (c) 2008 Damien Miller <djm@mindrot.org>
|
.\" Copyright (c) 2008 Damien Miller <djm@mindrot.org>
|
||||||
.\"
|
.\"
|
||||||
@ -22,7 +22,7 @@
|
|||||||
.Sh DESCRIPTION
|
.Sh DESCRIPTION
|
||||||
The
|
The
|
||||||
.Pa /etc/moduli
|
.Pa /etc/moduli
|
||||||
file contains prime numbers and generators for use by
|
file contains prime numbers and generators for use by
|
||||||
.Xr sshd 8
|
.Xr sshd 8
|
||||||
in the Diffie-Hellman Group Exchange key exchange method.
|
in the Diffie-Hellman Group Exchange key exchange method.
|
||||||
.Pp
|
.Pp
|
||||||
@ -31,13 +31,13 @@ New moduli may be generated with
|
|||||||
using a two-step process.
|
using a two-step process.
|
||||||
An initial
|
An initial
|
||||||
.Em candidate generation
|
.Em candidate generation
|
||||||
pass, using
|
pass, using
|
||||||
.Ic ssh-keygen -G ,
|
.Ic ssh-keygen -G ,
|
||||||
calculates numbers that are likely to be useful.
|
calculates numbers that are likely to be useful.
|
||||||
A second
|
A second
|
||||||
.Em primality testing
|
.Em primality testing
|
||||||
pass, using
|
pass, using
|
||||||
.Ic ssh-keygen -T
|
.Ic ssh-keygen -T ,
|
||||||
provides a high degree of assurance that the numbers are prime and are
|
provides a high degree of assurance that the numbers are prime and are
|
||||||
safe for use in Diffie Hellman operations by
|
safe for use in Diffie Hellman operations by
|
||||||
.Xr sshd 8 .
|
.Xr sshd 8 .
|
||||||
@ -46,9 +46,8 @@ This
|
|||||||
format is used as the output from each pass.
|
format is used as the output from each pass.
|
||||||
.Pp
|
.Pp
|
||||||
The file consists of newline-separated records, one per modulus,
|
The file consists of newline-separated records, one per modulus,
|
||||||
containing seven space separated fields.
|
containing seven space-separated fields.
|
||||||
These fields are as follows:
|
These fields are as follows:
|
||||||
.Pp
|
|
||||||
.Bl -tag -width Description -offset indent
|
.Bl -tag -width Description -offset indent
|
||||||
.It timestamp
|
.It timestamp
|
||||||
The time that the modulus was last processed as YYYYMMDDHHMMSS.
|
The time that the modulus was last processed as YYYYMMDDHHMMSS.
|
||||||
@ -58,7 +57,7 @@ Supported types are:
|
|||||||
.Pp
|
.Pp
|
||||||
.Bl -tag -width 0x00 -compact
|
.Bl -tag -width 0x00 -compact
|
||||||
.It 0
|
.It 0
|
||||||
Unknown, not tested
|
Unknown, not tested.
|
||||||
.It 2
|
.It 2
|
||||||
"Safe" prime; (p-1)/2 is also prime.
|
"Safe" prime; (p-1)/2 is also prime.
|
||||||
.It 4
|
.It 4
|
||||||
@ -68,7 +67,7 @@ Sophie Germain; (p+1)*2 is also prime.
|
|||||||
Moduli candidates initially produced by
|
Moduli candidates initially produced by
|
||||||
.Xr ssh-keygen 1
|
.Xr ssh-keygen 1
|
||||||
are Sophie Germain primes (type 4).
|
are Sophie Germain primes (type 4).
|
||||||
Futher primality testing with
|
Further primality testing with
|
||||||
.Xr ssh-keygen 1
|
.Xr ssh-keygen 1
|
||||||
produces safe prime moduli (type 2) that are ready for use in
|
produces safe prime moduli (type 2) that are ready for use in
|
||||||
.Xr sshd 8 .
|
.Xr sshd 8 .
|
||||||
@ -79,11 +78,11 @@ has been subjected to represented as a bitmask of the following values:
|
|||||||
.Pp
|
.Pp
|
||||||
.Bl -tag -width 0x00 -compact
|
.Bl -tag -width 0x00 -compact
|
||||||
.It 0x00
|
.It 0x00
|
||||||
Not tested
|
Not tested.
|
||||||
.It 0x01
|
.It 0x01
|
||||||
Composite number - not prime.
|
Composite number \(en not prime.
|
||||||
.It 0x02
|
.It 0x02
|
||||||
Sieve of Eratosthenes
|
Sieve of Eratosthenes.
|
||||||
.It 0x04
|
.It 0x04
|
||||||
Probabalistic Miller-Rabin primality tests.
|
Probabalistic Miller-Rabin primality tests.
|
||||||
.El
|
.El
|
||||||
@ -95,8 +94,8 @@ Subsequent
|
|||||||
.Xr ssh-keygen 1
|
.Xr ssh-keygen 1
|
||||||
primality tests are Miller-Rabin tests (flag 0x04).
|
primality tests are Miller-Rabin tests (flag 0x04).
|
||||||
.It trials
|
.It trials
|
||||||
Decimal number indicating of primaility trials that have been performed
|
Decimal number indicating the number of primality trials
|
||||||
on the modulus.
|
that have been performed on the modulus.
|
||||||
.It size
|
.It size
|
||||||
Decimal number indicating the size of the prime in bits.
|
Decimal number indicating the size of the prime in bits.
|
||||||
.It generator
|
.It generator
|
||||||
@ -113,10 +112,9 @@ Diffie Hellman output to sufficiently key the selected symmetric cipher.
|
|||||||
then randomly selects a modulus from
|
then randomly selects a modulus from
|
||||||
.Fa /etc/moduli
|
.Fa /etc/moduli
|
||||||
that best meets the size requirement.
|
that best meets the size requirement.
|
||||||
.Pp
|
|
||||||
.Sh SEE ALSO
|
.Sh SEE ALSO
|
||||||
.Xr ssh-keygen 1 ,
|
.Xr ssh-keygen 1 ,
|
||||||
.Xr sshd 8 ,
|
.Xr sshd 8
|
||||||
.Rs
|
.Rs
|
||||||
.%R RFC 4419
|
.%R RFC 4419
|
||||||
.%T "Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol"
|
.%T "Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol"
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user