9 Dec
2008
9 Dec
'08
10:39 a.m.
Jason Wittlin-Cohen wrote:
I'm currently using EAP-TLS with 3072 bit RSA certificates and a 3072 bit DH paramters. Currently I'm using the random file produced by the bootstrap script which appears to take 10 bytes of data from /dev/urandom. Is this sufficient with the larger keysize I am using? In addition, many howtos suggest using /dev/urandom directly. Is this a good idea?
Using /dev/urandom is fine. It's not on every system, so the server doesn't use it by default. Alan DeKok.