diff options
| author | obrien <obrien@FreeBSD.org> | 2012-09-04 21:47:09 +0000 |
|---|---|---|
| committer | obrien <obrien@FreeBSD.org> | 2012-09-04 21:47:09 +0000 |
| commit | 30fc7390d1180dd90e5de1aa42afd3401f8ed46b (patch) | |
| tree | d8acc0be1fec68e27b534aa2edcd08fda0d64141 /etc | |
| parent | 2d0a5cb1e0e9d676c2b3e5999c28379692844fe9 (diff) | |
| download | FreeBSD-src-30fc7390d1180dd90e5de1aa42afd3401f8ed46b.zip FreeBSD-src-30fc7390d1180dd90e5de1aa42afd3401f8ed46b.tar.gz | |
* Rather than run the same 'ps' command twice, add 'kenv' which often
gives machine unique values from the firmware.
* The kernel is more likely to be unique than /bin/ls (but no need to
stuff many megabytes into /dev/random, so hash it).
* Change ordering to give larger variance across reboots to reduce
predictability.
Diffstat (limited to 'etc')
| -rwxr-xr-x | etc/rc.d/initrandom | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/etc/rc.d/initrandom b/etc/rc.d/initrandom index 2afdcf1..4783873 100755 --- a/etc/rc.d/initrandom +++ b/etc/rc.d/initrandom @@ -27,9 +27,11 @@ better_than_nothing() # harvesting rate. # Entropy below is not great, but better than nothing. # This unblocks the generator at startup - ( ps -fauxww; sysctl -a; date; df -ib; dmesg; ps -fauxww ) \ + # Note: commands are ordered to cause the most variance across reboots. + ( kenv; dmesg; df -ib; ps -fauxww; date; sysctl -a ) \ + | dd of=/dev/random bs=8k 2>/dev/null + /sbin/sha256 -q `sysctl -n kern.bootfile` \ | dd of=/dev/random bs=8k 2>/dev/null - cat /bin/ls | dd of=/dev/random bs=8k 2>/dev/null } initrandom_start() |
