I'm currently using EAP-TLS with 3072 bit RSA certificates and a 3072 bit DH paramters. Currently I'm using the random file produced by the bootstrap script which appears to take 10 bytes of data from /dev/urandom. Is this sufficient with the larger keysize I am using? In addition, many howtos suggest using /dev/urandom directly. Is this a good idea? Jason -- Jason Wittlin-Cohen Yale Law School, Class of 2010 jason.wittlin-cohen@yale.edu
Jason Wittlin-Cohen wrote:
I'm currently using EAP-TLS with 3072 bit RSA certificates and a 3072 bit DH paramters. Currently I'm using the random file produced by the bootstrap script which appears to take 10 bytes of data from /dev/urandom. Is this sufficient with the larger keysize I am using? In addition, many howtos suggest using /dev/urandom directly. Is this a good idea?
Using /dev/urandom is fine. It's not on every system, so the server doesn't use it by default. Alan DeKok.
participants (2)
-
Alan DeKok -
Jason Wittlin-Cohen