Updated moduli file in OpenSSH 3.8

Darren Tucker dtucker at zip.com.au
Wed Feb 25 10:22:38 EST 2004

Moulding, Dan wrote:
> Can anybody briefly explain the significance of the updated moduli file?
> Is this a critical update? Should all existing installations update
> their moduli file?

Short Answer: No, it's not critical.  If you've got a slow/overloaded 
server, it would be worth doing, though.

Long Answer: There are 2 reasons it was updated.

1) The idea of Diffie-Hellman Group Exchange is (quoting from [1]):
   "The ability to propose new groups will reduce the incentive to use
   precomputation for more efficient calculation of the discrete loga-

	In OpenSSH, those DH groups are stored in the moduli file.  If the 
moduli file was never updated, it might become worthwhile to do some 
kind of precomputation on the groups in the file.

	So, as a precaution, a new moduli file was generated for the release. 
(Anyone can generate their own, BTW, see [2] and look for 
"update-moduli", but be aware that it's several days worth of CPU time 
on a fast processor.)

2) sshd will search the moduli file for groups at least as big as the 
client requests.  For some moduli sizes, the file contained moduli one 
bit smaller than the power-of-two sizes that the client would ask for, 
and as a result, sshd would end up using the next size up.  This would 
result in a speed penalty that was especially noticable on systems with 
slowish CPUs.

For comparison:

Old moduli       New moduli
bits    count    bits    count
1023    38       1023    33
1534    31       1535    43
2046    36       2047    36
3190    36       3071    39
4094    14       4095    32

(For some reason the "bits" column is stored as log2(n) rather than just 
the number of bits in it.  Mentally add 1 to get the actual number of bits.)


[2] http://www.openbsd.org/cgi-bin/cvsweb/src/etc/Makefile?rev=HEAD

Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list