Updated moduli file in OpenSSH 3.8
djm at mindrot.org
Wed Feb 25 10:22:56 EST 2004
Moulding, Dan wrote:
> Can anybody briefly explain the significance of the updated moduli file?
> Is this a critical update? Should all existing installations update
> their moduli file?
The purpose of the group-exchange KEX method is to make cryptographic
attacks against well-known DH groups impractical, by providing a
diversity of moduli. Obviously this works best if the moduli are
recycled every now and then. So, the update isn't critical, but it is
Note that recent versions of ssh-keygen allow you to generate moduli for
yourself. Have a look at the "MODULI GENERATION" section of the
ssh-keygen manpage for details on how to do this.
Note that you will need to generate a range of group sizes for this to
be effective. I'd recommend that you base these on the sizes of the
shipped moduli file. Beware - the generation process is quite slow and
More information about the openssh-unix-dev