Updated moduli file in OpenSSH 3.8
dtucker at zip.com.au
Wed Feb 25 10:22:38 EST 2004
Moulding, Dan wrote:
> Can anybody briefly explain the significance of the updated moduli file?
> Is this a critical update? Should all existing installations update
> their moduli file?
Short Answer: No, it's not critical. If you've got a slow/overloaded
server, it would be worth doing, though.
Long Answer: There are 2 reasons it was updated.
1) The idea of Diffie-Hellman Group Exchange is (quoting from ):
"The ability to propose new groups will reduce the incentive to use
precomputation for more efficient calculation of the discrete loga-
In OpenSSH, those DH groups are stored in the moduli file. If the
moduli file was never updated, it might become worthwhile to do some
kind of precomputation on the groups in the file.
So, as a precaution, a new moduli file was generated for the release.
(Anyone can generate their own, BTW, see  and look for
"update-moduli", but be aware that it's several days worth of CPU time
on a fast processor.)
2) sshd will search the moduli file for groups at least as big as the
client requests. For some moduli sizes, the file contained moduli one
bit smaller than the power-of-two sizes that the client would ask for,
and as a result, sshd would end up using the next size up. This would
result in a speed penalty that was especially noticable on systems with
Old moduli New moduli
bits count bits count
1023 38 1023 33
1534 31 1535 43
2046 36 2047 36
3190 36 3071 39
4094 14 4095 32
(For some reason the "bits" column is stored as log2(n) rather than just
the number of bits in it. Mentally add 1 to get the actual number of bits.)
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev