Hi, I've had EAP-TLS working well for a few weeks now, but am wondering about the most secure way to set up the dh and random files. Initially I just created static files using commands found in the list archives and/or the EAP howto:

    openssl dhparam -text -5 -out /opt/radius/etc/dh 512
    dd if=/dev/urandom of=/opt/radius/etc/random count=2

And it works fine. But my concern is that this random data will become stale. How often should these files be refreshed -- with each server restart? Or at regular intervals via cron? Or would it be better to specify a dynamic source of entropy directly in radius.conf? (E.g. /dev/urandom, although I know some people frown upon this.) Or does the staleness of the random data in those two files not matter? Any tips would be greatly appreciated.

TIA,
-Matt

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
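As an added example (not part of Matt's post and not FreeRADIUS's own tooling), the script below shows how the two files from the post can be regenerated repeatably, e.g. from cron or a restart hook, without ever leaving a half-written file where radiusd might read it. It assumes openssl and dd are on PATH and that the caller can write to the target directory; the function names, the 2048-bit default DH size and the 0600 mode on the random file are this example's own choices, not settings from the post or the EAP howto.

```shell
#!/bin/sh
# Added example (not from the original post): regenerate the dh and random
# files that the EAP-TLS configuration points at, safely and repeatably.
# Assumptions: openssl and dd are on PATH, the target directory exists,
# and the caller has write access to it.
set -eu

# gen_radius_tls_files DIR [DH_BITS] [RANDOM_BYTES]
#   DIR          directory holding the dh and random files (e.g. /opt/radius/etc)
#   DH_BITS      size of the DH group to generate; 2048 is this example's default
#   RANDOM_BYTES size of the random seed file; 1024 = two 512-byte blocks,
#                the same amount "count=2" in the post produces
gen_radius_tls_files() {
    dir=$1
    dh_bits=${2:-2048}
    rand_bytes=${3:-1024}

    # Build both files under temporary names in the same directory, then
    # rename them into place: rename is atomic, so a radiusd starting
    # mid-run sees either the old file or the new one, never a partial one.
    tmp_dh=$(mktemp "$dir/dh.XXXXXX")
    tmp_rand=$(mktemp "$dir/random.XXXXXX")

    # Default generator (2); the post used -5, either is accepted by openssl.
    openssl dhparam -out "$tmp_dh" "$dh_bits" 2>/dev/null
    dd if=/dev/urandom of="$tmp_rand" bs="$rand_bytes" count=1 2>/dev/null

    # The random file is seed material for the TLS library's RNG, so keep it
    # unreadable to other users; DH parameters are public and can stay 0644.
    chmod 0600 "$tmp_rand"
    chmod 0644 "$tmp_dh"
    mv -f "$tmp_dh" "$dir/dh"
    mv -f "$tmp_rand" "$dir/random"
}

# check_radius_tls_files DIR [RANDOM_BYTES]
# Returns 0 when the DH parameters parse and pass openssl's own consistency
# check, and the random file has the expected size; 1 otherwise.
check_radius_tls_files() {
    dir=$1
    expect_bytes=${2:-1024}
    openssl dhparam -in "$dir/dh" -check -noout >/dev/null 2>&1 || return 1
    actual=$(wc -c < "$dir/random" | tr -d ' ')
    [ "$actual" -eq "$expect_bytes" ] || return 1
    return 0
}

# Example run (hypothetical path from the post):
#   gen_radius_tls_files /opt/radius/etc && check_radius_tls_files /opt/radius/etc
```

Because the rename step is atomic, the script can be scheduled as often as desired (each restart, nightly cron) without coordinating with radiusd; the check function is what a cron job should run afterwards so that a failed openssl invocation does not silently leave a stale or empty file in place.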