EAP-TLS and random_file

Gregory Sloop gregs at sloop.net
Mon Feb 10 17:22:58 CET 2014

I'm curious about the many "examples" of EAP-TLS setup "how-to's" on
the web.

[I did some searches of the list and elsewhere, and came up dry,
though I didn't spend a long time on it...]

In many of them, the random_file is a pre-generated random set of

Knowing what [modest amount] I do, this seems like an incredibly bad
idea. [At least with a functional random number generator at your

There is at least one newer one using /dev/urandom [pseudo-random]. The
stock eap.conf file in Ubuntu also does this.

I'm curious about why it would have ever been a pre-generated set of
bits, which essentially have no entropy once they're given out/used -
because they're not random any more, they're predictable.

If some kind soul would give me the trivia edition of why this was
a common solution, I'd be grateful. [Or school me, nicely or course,
about why you think it's an "Ok" practice.]


More information about the Freeradius-Users mailing list