summaryrefslogtreecommitdiff
path: root/share/man/man5/moduli.5
diff options
context:
space:
mode:
authorJason McIntyre <jmc@cvs.openbsd.org>2008-06-26 06:59:40 +0000
committerJason McIntyre <jmc@cvs.openbsd.org>2008-06-26 06:59:40 +0000
commit80a004f1f34cf827f5acdc8a2fc9593cc94e6306 (patch)
tree89ca0edd9256d2cff60b4a435192d6a45e38d5f1 /share/man/man5/moduli.5
parentcbd1742983ddae83f909df1c23efb2712702ab51 (diff)
tweak previous;
Diffstat (limited to 'share/man/man5/moduli.5')
-rw-r--r--share/man/man5/moduli.528
1 files changed, 13 insertions, 15 deletions
diff --git a/share/man/man5/moduli.5 b/share/man/man5/moduli.5
index 4a99439cc64..a1321abdf23 100644
--- a/share/man/man5/moduli.5
+++ b/share/man/man5/moduli.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: moduli.5,v 1.12 2008/06/26 05:57:54 djm Exp $
+.\" $OpenBSD: moduli.5,v 1.13 2008/06/26 06:59:39 jmc Exp $
.\"
.\" Copyright (c) 2008 Damien Miller <djm@mindrot.org>
.\"
@@ -22,7 +22,7 @@
.Sh DESCRIPTION
The
.Pa /etc/moduli
-file contains prime numbers and generators for use by
+file contains prime numbers and generators for use by
.Xr sshd 8
in the Diffie-Hellman Group Exchange key exchange method.
.Pp
@@ -31,13 +31,13 @@ New moduli may be generated with
using a two-step process.
An initial
.Em candidate generation
-pass, using
+pass, using
.Ic ssh-keygen -G ,
calculates numbers that are likely to be useful.
A second
.Em primality testing
pass, using
-.Ic ssh-keygen -T
+.Ic ssh-keygen -T ,
provides a high degree of assurance that the numbers are prime and are
safe for use in Diffie Hellman operations by
.Xr sshd 8 .
@@ -46,9 +46,8 @@ This
format is used as the output from each pass.
.Pp
The file consists of newline-separated records, one per modulus,
-containing seven space separated fields.
+containing seven space-separated fields.
These fields are as follows:
-.Pp
.Bl -tag -width Description -offset indent
.It timestamp
The time that the modulus was last processed as YYYYMMDDHHMMSS.
@@ -58,7 +57,7 @@ Supported types are:
.Pp
.Bl -tag -width 0x00 -compact
.It 0
-Unknown, not tested
+Unknown, not tested.
.It 2
"Safe" prime; (p-1)/2 is also prime.
.It 4
@@ -68,7 +67,7 @@ Sophie Germain; (p+1)*2 is also prime.
Moduli candidates initially produced by
.Xr ssh-keygen 1
are Sophie Germain primes (type 4).
-Futher primality testing with
+Further primality testing with
.Xr ssh-keygen 1
produces safe prime moduli (type 2) that are ready for use in
.Xr sshd 8 .
@@ -79,11 +78,11 @@ has been subjected to represented as a bitmask of the following values:
.Pp
.Bl -tag -width 0x00 -compact
.It 0x00
-Not tested
+Not tested.
.It 0x01
-Composite number - not prime.
+Composite number \(en not prime.
.It 0x02
-Sieve of Eratosthenes
+Sieve of Eratosthenes.
.It 0x04
Probabalistic Miller-Rabin primality tests.
.El
@@ -95,8 +94,8 @@ Subsequent
.Xr ssh-keygen 1
primality tests are Miller-Rabin tests (flag 0x04).
.It trials
-Decimal number indicating of primaility trials that have been performed
-on the modulus.
+Decimal number indicating the number of primality trials
+that have been performed on the modulus.
.It size
Decimal number indicating the size of the prime in bits.
.It generator
@@ -113,10 +112,9 @@ Diffie Hellman output to sufficiently key the selected symmetric cipher.
then randomly selects a modulus from
.Fa /etc/moduli
that best meets the size requirement.
-.Pp
.Sh SEE ALSO
.Xr ssh-keygen 1 ,
-.Xr sshd 8 ,
+.Xr sshd 8
.Rs
.%R RFC 4419
.%T "Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol"