From 578451ddda0f591b5186f005253af4c9f78c3321 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 7 Aug 2011 23:09:20 +1000 Subject: - (dtucker) OpenBSD CVS Sync - jmc@cvs.openbsd.org 2008/06/26 06:59:39 [moduli.5] tweak previous; --- moduli.5 | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) (limited to 'moduli.5') diff --git a/moduli.5 b/moduli.5 index 4a99439c..a1321abd 100644 --- a/moduli.5 +++ b/moduli.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: moduli.5,v 1.12 2008/06/26 05:57:54 djm Exp $ +.\" $OpenBSD: moduli.5,v 1.13 2008/06/26 06:59:39 jmc Exp $ .\" .\" Copyright (c) 2008 Damien Miller .\" @@ -22,7 +22,7 @@ .Sh DESCRIPTION The .Pa /etc/moduli -file contains prime numbers and generators for use by +file contains prime numbers and generators for use by .Xr sshd 8 in the Diffie-Hellman Group Exchange key exchange method. .Pp @@ -31,13 +31,13 @@ New moduli may be generated with using a two-step process. An initial .Em candidate generation -pass, using +pass, using .Ic ssh-keygen -G , calculates numbers that are likely to be useful. A second .Em primality testing pass, using -.Ic ssh-keygen -T +.Ic ssh-keygen -T , provides a high degree of assurance that the numbers are prime and are safe for use in Diffie Hellman operations by .Xr sshd 8 . @@ -46,9 +46,8 @@ This format is used as the output from each pass. .Pp The file consists of newline-separated records, one per modulus, -containing seven space separated fields. +containing seven space-separated fields. These fields are as follows: -.Pp .Bl -tag -width Description -offset indent .It timestamp The time that the modulus was last processed as YYYYMMDDHHMMSS. @@ -58,7 +57,7 @@ Supported types are: .Pp .Bl -tag -width 0x00 -compact .It 0 -Unknown, not tested +Unknown, not tested. .It 2 "Safe" prime; (p-1)/2 is also prime. .It 4 @@ -68,7 +67,7 @@ Sophie Germain; (p+1)*2 is also prime. Moduli candidates initially produced by .Xr ssh-keygen 1 are Sophie Germain primes (type 4). -Futher primality testing with +Further primality testing with .Xr ssh-keygen 1 produces safe prime moduli (type 2) that are ready for use in .Xr sshd 8 . @@ -79,11 +78,11 @@ has been subjected to represented as a bitmask of the following values: .Pp .Bl -tag -width 0x00 -compact .It 0x00 -Not tested +Not tested. .It 0x01 -Composite number - not prime. +Composite number \(en not prime. .It 0x02 -Sieve of Eratosthenes +Sieve of Eratosthenes. .It 0x04 Probabalistic Miller-Rabin primality tests. .El @@ -95,8 +94,8 @@ Subsequent .Xr ssh-keygen 1 primality tests are Miller-Rabin tests (flag 0x04). .It trials -Decimal number indicating of primaility trials that have been performed -on the modulus. +Decimal number indicating the number of primality trials +that have been performed on the modulus. .It size Decimal number indicating the size of the prime in bits. .It generator @@ -113,10 +112,9 @@ Diffie Hellman output to sufficiently key the selected symmetric cipher. then randomly selects a modulus from .Fa /etc/moduli that best meets the size requirement. -.Pp .Sh SEE ALSO .Xr ssh-keygen 1 , -.Xr sshd 8 , +.Xr sshd 8 .Rs .%R RFC 4419 .%T "Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol" -- cgit v1.2.1