Date: Tue, 4 Sep 2012 21:47:09 +0000 (UTC)
From: "David E. O'Brien" <obrien@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r240108 - head/etc/rc.d
Message-ID: <201209042147.q84Ll92Y023832@svn.freebsd.org>
Author: obrien Date: Tue Sep 4 21:47:09 2012 New Revision: 240108 URL: http://svn.freebsd.org/changeset/base/240108 Log: * Rather than run the same 'ps' command twice, add 'kenv' which often gives machine unique values from the firmware. * The kernel is more likely to be unique than /bin/ls (but no need to stuff many megabytes into /dev/random, so hash it). * Change ordering to give larger variance across reboots to reduce predictability. Modified: head/etc/rc.d/initrandom Modified: head/etc/rc.d/initrandom ============================================================================== --- head/etc/rc.d/initrandom Tue Sep 4 21:40:53 2012 (r240107) +++ head/etc/rc.d/initrandom Tue Sep 4 21:47:09 2012 (r240108) @@ -27,9 +27,11 @@ better_than_nothing() # harvesting rate. # Entropy below is not great, but better than nothing. # This unblocks the generator at startup - ( ps -fauxww; sysctl -a; date; df -ib; dmesg; ps -fauxww ) \ + # Note: commands are ordered to cause the most variance across reboots. + ( kenv; dmesg; df -ib; ps -fauxww; date; sysctl -a ) \ + | dd of=/dev/random bs=8k 2>/dev/null + /sbin/sha256 -q `sysctl -n kern.bootfile` \ | dd of=/dev/random bs=8k 2>/dev/null - cat /bin/ls | dd of=/dev/random bs=8k 2>/dev/null } initrandom_start()
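Review bot: The added "/sbin/sha256 -q `sysctl -n kern.bootfile`" line in better_than_nothing() uses the sysctl output unquoted and unchecked. If sysctl prints nothing, sha256 is run with no file operand and hashes standard input instead. If the path is not readable, nothing useful reaches /dev/random and no error is reported. Suggest reading the path into a variable, testing it, and quoting it, for example: bootfile=$(sysctl -n kern.bootfile); [ -r "${bootfile}" ] && /sbin/sha256 -q "${bootfile}" | dd of=/dev/random bs=8k 2>/dev/null. Separately, the digest of the kernel file is the same on every boot, and on every machine running the same kernel image, so it does not add to the "variance across reboots" that the new comment describes. A one-line comment above the sha256 call saying it contributes per-install rather than per-boot input would keep the comment block accurate.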