EAP-TLS and random_file
Gregory Sloop
gregs at sloop.net
Mon Feb 10 17:22:58 CET 2014
I'm curious about the many "examples" of EAP-TLS setup "how-to's" on
the web.

[I did some searches of the list and elsewhere, and came up dry,
though I didn't spend a long time on it...]

In many of them, the random_file is a pre-generated random set of
data.

Knowing what [modest amount] I do, this seems like an incredibly bad
idea. [At least with a functional random number generator at your
disposal.]

There is at least one newer one using /dev/urandom [pseudo-random]. The
stock eap.conf file in Ubuntu also does this.

I'm curious about why it would have ever been a pre-generated set of
bits, which essentially have no entropy once they're given out/used -
because they're not random any more, they're predictable.

If some kind soul would give me the trivia edition of why this was
a common solution, I'd be grateful. [Or school me, nicely of course,
about why you think it's an "Ok" practice.]

-Greg