Subject: Re: install/23076: 2003 q3 /etc/moduli
To: NetBSD security list <tech-security@netbsd.org>
From: William Allen Simpson <wsimpson@greendragon.com>
List: tech-security
Date: 10/07/2003 11:21:46
(somebody) wrote:
> 
> Can you explain the file to me, please?  I have one unmodified since
> 10/9/2002 and with the following comment:
>   $OpenBSD: moduli,v 1.1 2001/06/22 22:07:54 provos Exp $
> The man page doesn't say anything about modifying it.
> 
Hmmm, I wrote the man page.  Maybe it should!

As originally implemented, SSH only used 1 modulus, forever.

As Karn and I wrote Photuris, we thought it best to be able to vary 
moduli over time.  At first, folks used 512 and 768 bit moduli.  Now, 
even 1024 bit moduli are thought to be vulnerable in the long term. 

Therefore, a very large number of different moduli should be used, and 
the moduli should be replaced from time to time.  This discourages 
certain large organizations from analysing any particular modulus.  

I've even provided programs for generating the moduli file [PR 21983].

When OpenSSH "borrowed" the Photuris moduli file, and we wrote up the 
internet-draft describing the moduli exchange for SSH, Niels generated 
a new set.  It hasn't been done for a while. 

Someday, I hope to get the weekly script to generate new 1024 bit 
moduli on every machine.  That only takes a few hours. 
-- 
William Allen Simpson
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32
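
Added example, not part of the original message and not code from NetBSD or OpenSSH: a small audit of a moduli file in the seven-field layout documented in moduli(5), reporting how many moduli there are, at what sizes, and how long ago the newest was generated. The function names, the thresholds (weak_bits, max_age_days) and the sample lines are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime

def parse_moduli(text):
    """Yield (generated, bits, generator) per entry. Each moduli(5) line is:
    time type tests trials size generator modulus"""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 7:
            raise ValueError(f"malformed moduli line: {line[:40]!r}")
        generated = datetime.strptime(fields[0], "%Y%m%d%H%M%S")
        # Measure the modulus itself instead of trusting the size column.
        bits = int(fields[6], 16).bit_length()
        yield generated, bits, int(fields[5], 16)

def audit(text, now, weak_bits=1024, max_age_days=365):
    """Summarise variety and age. weak_bits and max_age_days are assumed policy."""
    entries = list(parse_moduli(text))
    if not entries:
        raise ValueError("no moduli entries found")
    sizes = Counter(bits for _, bits, _ in entries)
    age_days = (now - max(g for g, _, _ in entries)).days
    return {
        "count": len(entries),
        "by_size": dict(sizes),
        "at_or_below_weak": sum(n for b, n in sizes.items() if b <= weak_bits),
        "age_days": age_days,
        "stale": age_days > max_age_days,
    }

# Constructed sample: the moduli are filler hex strings, not real primes.
SAMPLE = "\n".join([
    "# Time Type Tests Tries Size Generator Modulus",
    "20010622000000 2 6 100 767 2 " + "F" * 192,
    "20010622000000 2 6 100 1023 2 " + "F" * 256,
    "20020301000000 2 6 100 1535 5 " + "F" * 384,
])

if __name__ == "__main__":
    print(audit(SAMPLE, now=datetime(2003, 10, 7)))
```

Against a real file, pass its contents as text; a low count, a single size, or a large age_days all point to a file that has not been regenerated.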