EAP-TLS and random_file
Alan DeKok
aland at deployingradius.com
Mon Feb 10 18:48:48 CET 2014
Gregory Sloop wrote:
> In many of them, the random_file is a pre-generated random set of
> data.
>
> Knowing what [modest amount] I do, this seems like an incredibly bad
> idea. [At least with a functional random number generator at your
> disposal.]
Yes.
> There is at least one newer one using /dev/urandom [pseudo-random]. The
> stock eap.conf file in Ubuntu also does this.
>
> I'm curious about why it would have ever been a pre-generated set of
> bits, which essentially have no entropy once they're given out/used -
> because they're not random any more, they're predictable.
It's historical.
> If some kind soul would give me the trivia edition of why this was
> a common solution, I'd be grateful. [Or school me, nicely of course,
> about why you think it's an "Ok" practice.]
It's not.
Alan DeKok.
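
A check for the setting discussed in this thread, added here as an example and not part of the original messages or of FreeRADIUS: it finds active random_file lines in eap.conf-style text and reports whether each target is a device such as /dev/urandom or a fixed file on disk. The sample configuration, its certdir path and the function names are constructed for illustration.

```python
import os
import re
import stat

# Constructed sample in eap.conf style; not taken from any real deployment.
SAMPLE_CONF = """
certdir = /etc/freeradius/certs
eap {
    tls {
        # random_file = /dev/random
        random_file = ${certdir}/random
    }
}
"""

ASSIGN = re.compile(r'^\s*([A-Za-z_][\w-]*)\s*=\s*"?([^"#\s]+)"?')

def random_file_settings(conf_text):
    """Return every active random_file value, with ${name} references expanded."""
    variables, found = {}, []
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented-out settings are not in effect
        m = ASSIGN.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        # Expand references to names defined earlier in the same text;
        # unknown references are left as written.
        value = re.sub(r"\$\{(\w+)\}",
                       lambda r: variables.get(r.group(1), r.group(0)), value)
        variables[key] = value
        if key == "random_file":
            found.append(value)
    return found

def classify(path):
    """Say whether path is a kernel device or a fixed file on disk."""
    try:
        mode = os.stat(path).st_mode
    except OSError:
        return "missing"
    if stat.S_ISCHR(mode):
        return "device"        # e.g. /dev/urandom: fresh bytes on every read
    return "static file"       # pre-generated data: same bytes on every read

if __name__ == "__main__":
    for value in random_file_settings(SAMPLE_CONF):
        print(value, "->", classify(value))
```

A result of "static file" marks the pre-generated case the thread describes; "missing" means the path could not be checked on the machine running the script.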