diff options
| author | David E. O'Brien <obrien@FreeBSD.org> | 2012-09-04 21:47:09 +0000 |
|---|---|---|
| committer | David E. O'Brien <obrien@FreeBSD.org> | 2012-09-04 21:47:09 +0000 |
| commit | 203b2f2fa4a8d89b90812438b6060dd957c88ed3 (patch) | |
| tree | d8acc0be1fec68e27b534aa2edcd08fda0d64141 /etc/rc.d/initrandom | |
| parent | edab57e04e8c6bfbcb30dacc2135c2325d685646 (diff) | |
| download | src-203b2f2fa4a8d89b90812438b6060dd957c88ed3.tar.gz src-203b2f2fa4a8d89b90812438b6060dd957c88ed3.zip | |
* Rather than run the same 'ps' command twice, add 'kenv' which often
gives machine unique values from the firmware.
* The kernel is more likely to be unique than /bin/ls (but no need to
stuff many megabytes into /dev/random, so hash it).
* Change ordering to give larger variance across reboots to reduce
predictability.
Notes
Notes:
svn path=/head/; revision=240108
Diffstat (limited to 'etc/rc.d/initrandom')
| -rwxr-xr-x | etc/rc.d/initrandom | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/etc/rc.d/initrandom b/etc/rc.d/initrandom index 2afdcf14ffb9..47838737806e 100755 --- a/etc/rc.d/initrandom +++ b/etc/rc.d/initrandom @@ -27,9 +27,11 @@ better_than_nothing() # harvesting rate. # Entropy below is not great, but better than nothing. # This unblocks the generator at startup - ( ps -fauxww; sysctl -a; date; df -ib; dmesg; ps -fauxww ) \ + # Note: commands are ordered to cause the most variance across reboots. + ( kenv; dmesg; df -ib; ps -fauxww; date; sysctl -a ) \ + | dd of=/dev/random bs=8k 2>/dev/null + /sbin/sha256 -q `sysctl -n kern.bootfile` \ | dd of=/dev/random bs=8k 2>/dev/null - cat /bin/ls | dd of=/dev/random bs=8k 2>/dev/null } initrandom_start() |