Verification of primes in /etc/ssh/moduli file

Hubert Kario hkario at
Wed Aug 18 21:14:17 AEST 2021

Hello everybody!

For the past few years we've used a tool to double-check the security of
the primes shipped in the OpenSSH moduli file:

In short, it uses primality certificates to mathematically prove that all
parameters use safe primes and a bit of simple maths to check if they're
vulnerable to the Special Number Field Sieve.

I wrote an article on why it's necessary, a high-level overview of how it
does it and how you can run it yourself:
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
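
Added example, not part of the original post or of the tool it describes: a minimal sketch of the safe-prime part of the check, using a Miller-Rabin test in place of primality certificates (so it yields "probably prime", not a proof) and leaving out the Special Number Field Sieve check. The sample lines are constructed toy values in the moduli(5) field layout; `check_moduli` and `is_probable_prime` are names chosen here.

```python
# Added example (not from the post): Miller-Rabin says "probably prime", it is not a certificate.
BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):
    if n < 2:
        return False
    for p in BASES:                      # trial division by small primes
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:                    # write n - 1 = d * 2^r with d odd
        d, r = d // 2, r + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                 # base a is a witness: n is composite
    return True

def check_moduli(text):
    """Map line number -> verdict (fields: time type tests trials size generator modulus)."""
    results = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) != 7:
            results[lineno] = "malformed"
        elif not is_probable_prime(p := int(fields[6], 16)):
            results[lineno] = "composite"
        elif not is_probable_prime((p - 1) // 2):
            results[lineno] = "prime, but (p-1)/2 is composite"
        else:
            results[lineno] = "probable safe prime"
    return results

# Constructed sample with toy-sized moduli: 0x7F7 = 2039, 0x805 = 2053, 0x7FF = 2047.
SAMPLE = """\
20210818000000 2 6 100 10 2 7F7
20210818000000 2 6 100 11 2 805
20210818000000 2 6 100 10 2 7FF
20210818000000 2 6 100 7F7
"""
print(check_moduli(SAMPLE))
```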
