* Rather than run the same 'ps' command twice, add 'kenv', which often
  gives machine-unique values from the firmware.
* The kernel is more likely to be unique than /bin/ls (but no need to
  stuff many megabytes into /dev/random, so hash it).
* Change ordering to give larger variance across reboots to reduce
  predictability.
obrien 2012-09-04 21:47:09 +00:00
parent 2d0a5cb1e0
commit 30fc7390d1


@ -27,9 +27,11 @@ better_than_nothing()
# harvesting rate.
# Entropy below is not great, but better than nothing.
# This unblocks the generator at startup
( ps -fauxww; sysctl -a; date; df -ib; dmesg; ps -fauxww ) \
# Note: commands are ordered to cause the most variance across reboots.
( kenv; dmesg; df -ib; ps -fauxww; date; sysctl -a ) \
| dd of=/dev/random bs=8k 2>/dev/null
/sbin/sha256 -q `sysctl -n kern.bootfile` \
| dd of=/dev/random bs=8k 2>/dev/null
cat /bin/ls | dd of=/dev/random bs=8k 2>/dev/null
}
initrandom_start()
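Review bot: The `/sbin/sha256 -q` line takes its path from an unquoted backtick substitution with no check on the result, so if `sysctl -n kern.bootfile` returns nothing, sha256 is run without a file argument and, as far as I know, falls back to reading standard input during boot. Guard it, for example `bootfile=$(sysctl -n kern.bootfile)` followed by `[ -r "${bootfile}" ] && /sbin/sha256 -q "${bootfile}" | dd of=/dev/random bs=8k 2>/dev/null`. The kernel digest is also constant across reboots and identical on hosts running the same kernel build, so a comment such as `# Kernel hash is static per build: it separates hosts at best and adds nothing per boot.` would keep later readers from counting it as entropy. The +/- markers are lost in this rendering, so I am assuming the `cat /bin/ls` line is the removed side; better_than_nothing() starts above the hunk.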