This might seems curios, but it's basing the logic on the symmetric cipher bit length. The correlation from symmetric bit lengths to DH moduli sizes is coming from NIST SP 800-57 Part 1 rev. 5 (May 2020).
The only difference being that the NIST standard recommends 15,360-bit lengths as a maximum length, where OpenSSH is cutting it off at 8,192 bits, which seems reasonable.
https://csrc.nist.gov/pubs/sp/800/57/pt1/r5/final
Aaron Toponce ⚛️:debian:
npub1t9…t8529
2025-02-27 00:36:43 UTC
in reply to nevent1q…day7
Author Public Key
npub1t9cz9v7zph5jvadd8rjfp25msrx6r0hdxnsyfmx88k8qp3pvv04szt8529Published at
2025-02-27 00:36:43 UTCEvent JSON
{
"id": "a390024f08739e8432b0e4cd4b2dd200e7a24dde73bef116f53b102e8221371a",
"pubkey": "597022b3c20de92675ad38e490aa9b80cda1beed34e044ecc73d8e00c42c63eb",
"created_at": 1740616603,
"kind": 1,
"tags": [
[
"e",
"b44ed338754ae68e0dc77b03337ccf3dbfc8f0943c434dfd8ab135d39fd3b360",
"",
"reply",
"597022b3c20de92675ad38e490aa9b80cda1beed34e044ecc73d8e00c42c63eb"
],
[
"e",
"43b4903228f745dad991a352f3050274eafcf87f17dc0ccbd647f4f64fb7970e",
"",
"root",
"597022b3c20de92675ad38e490aa9b80cda1beed34e044ecc73d8e00c42c63eb"
],
[
"proxy",
"https://fosstodon.org/@atoponce/114073049734834753",
"web"
],
[
"p",
"597022b3c20de92675ad38e490aa9b80cda1beed34e044ecc73d8e00c42c63eb"
],
[
"proxy",
"https://fosstodon.org/users/atoponce/statuses/114073049734834753",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://fosstodon.org/users/atoponce/statuses/114073049734834753",
"pink.momostr"
],
[
"-"
]
],
"content": "This might seems curios, but it's basing the logic on the symmetric cipher bit length. The correlation from symmetric bit lengths to DH moduli sizes is coming from NIST SP 800-57 Part 1 rev. 5 (May 2020).\n\nThe only difference being that the NIST standard recommends 15,360-bit lengths as a maximum length, where OpenSSH is cutting it off at 8,192 bits, which seems reasonable.\n\nhttps://csrc.nist.gov/pubs/sp/800/57/pt1/r5/final",
"sig": "ead4eae1be1624d8540cb01ceedf45892de589ebd163d569f0b883b57825aa4818148ea4df7eca74eb027c27f65f241a4187a5abff6bd806b251527413bd6f5f"
}