On 10 Feb 2014, at 16:22, Gregory Sloop <gregs@sloop.net> wrote:
I'm curious about the many "examples" of EAP-TLS setup "how-to's" on the web.
[I did some searches of the list and elsewhere, and came up dry, though I didn't spend a long time on it...]
In many of them, the random_file is a pre-generated random set of data.
Knowing what [modest amount] I do, this seems like an incredibly bad idea. [At least with a functional random number generator at your disposal.]
There is at least one newer one using /dev/urandom [pseudo-random]. The stock eap.conf file in Ubuntu also does this.
I'm curious about why it would have ever been a pre-generated set of bits, which essentially have no entropy once they're given out/used - because they're not random any more, they're predictable.
If some kind soul would give me the trivia edition of why this was a common solution, I'd be grateful. [Or school me, nicely or course, about why you think it's an "Ok" practice.]
I'd quite like to know too. I've always set it to /dev/urandom in any configs i've deployed. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2