diff options
author | Jason McIntyre <jmc@cvs.openbsd.org> | 2008-06-26 06:59:40 +0000 |
---|---|---|
committer | Jason McIntyre <jmc@cvs.openbsd.org> | 2008-06-26 06:59:40 +0000 |
commit | 80a004f1f34cf827f5acdc8a2fc9593cc94e6306 (patch) | |
tree | 89ca0edd9256d2cff60b4a435192d6a45e38d5f1 /share/man/man5/moduli.5 | |
parent | cbd1742983ddae83f909df1c23efb2712702ab51 (diff) |
tweak previous;
Diffstat (limited to 'share/man/man5/moduli.5')
-rw-r--r-- | share/man/man5/moduli.5 | 28 |
1 files changed, 13 insertions, 15 deletions
diff --git a/share/man/man5/moduli.5 b/share/man/man5/moduli.5 index 4a99439cc64..a1321abdf23 100644 --- a/share/man/man5/moduli.5 +++ b/share/man/man5/moduli.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: moduli.5,v 1.12 2008/06/26 05:57:54 djm Exp $ +.\" $OpenBSD: moduli.5,v 1.13 2008/06/26 06:59:39 jmc Exp $ .\" .\" Copyright (c) 2008 Damien Miller <djm@mindrot.org> .\" @@ -22,7 +22,7 @@ .Sh DESCRIPTION The .Pa /etc/moduli -file contains prime numbers and generators for use by +file contains prime numbers and generators for use by .Xr sshd 8 in the Diffie-Hellman Group Exchange key exchange method. .Pp @@ -31,13 +31,13 @@ New moduli may be generated with using a two-step process. An initial .Em candidate generation -pass, using +pass, using .Ic ssh-keygen -G , calculates numbers that are likely to be useful. A second .Em primality testing pass, using -.Ic ssh-keygen -T +.Ic ssh-keygen -T , provides a high degree of assurance that the numbers are prime and are safe for use in Diffie Hellman operations by .Xr sshd 8 . @@ -46,9 +46,8 @@ This format is used as the output from each pass. .Pp The file consists of newline-separated records, one per modulus, -containing seven space separated fields. +containing seven space-separated fields. These fields are as follows: -.Pp .Bl -tag -width Description -offset indent .It timestamp The time that the modulus was last processed as YYYYMMDDHHMMSS. @@ -58,7 +57,7 @@ Supported types are: .Pp .Bl -tag -width 0x00 -compact .It 0 -Unknown, not tested +Unknown, not tested. .It 2 "Safe" prime; (p-1)/2 is also prime. .It 4 @@ -68,7 +67,7 @@ Sophie Germain; (p+1)*2 is also prime. Moduli candidates initially produced by .Xr ssh-keygen 1 are Sophie Germain primes (type 4). -Futher primality testing with +Further primality testing with .Xr ssh-keygen 1 produces safe prime moduli (type 2) that are ready for use in .Xr sshd 8 . @@ -79,11 +78,11 @@ has been subjected to represented as a bitmask of the following values: .Pp .Bl -tag -width 0x00 -compact .It 0x00 -Not tested +Not tested. .It 0x01 -Composite number - not prime. +Composite number \(en not prime. .It 0x02 -Sieve of Eratosthenes +Sieve of Eratosthenes. .It 0x04 Probabalistic Miller-Rabin primality tests. .El @@ -95,8 +94,8 @@ Subsequent .Xr ssh-keygen 1 primality tests are Miller-Rabin tests (flag 0x04). .It trials -Decimal number indicating of primaility trials that have been performed -on the modulus. +Decimal number indicating the number of primality trials +that have been performed on the modulus. .It size Decimal number indicating the size of the prime in bits. .It generator @@ -113,10 +112,9 @@ Diffie Hellman output to sufficiently key the selected symmetric cipher. then randomly selects a modulus from .Fa /etc/moduli that best meets the size requirement. -.Pp .Sh SEE ALSO .Xr ssh-keygen 1 , -.Xr sshd 8 , +.Xr sshd 8 .Rs .%R RFC 4419 .%T "Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol" |