upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-28 04:12:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

* Rather than run the same 'ps' command twice, add 'kenv' which often

Browse source 
gives machine unique values from the firmware.
* The kernel is more likely to be unique than /bin/ls (but no need to
  stuff many megabytes into /dev/random, so hash it).
* Change ordering to give larger variance across reboots to reduce
  predictability.
This commit is contained in:
David E. O'Brien 2012-09-04 21:47:09 +00:00
parent edab57e04e
commit 203b2f2fa4
1 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
etc/rc.d/initrandom
View file

@ -27,9 +27,11 @@ better_than_nothing()
# harvesting rate.
# Entropy below is not great, but better than nothing.
# This unblocks the generator at startup
( ps -fauxww; sysctl -a; date; df -ib; dmesg; ps -fauxww ) \
# Note: commands are ordered to cause the most variance across reboots.
( kenv; dmesg; df -ib; ps -fauxww; date; sysctl -a ) \
| dd of=/dev/random bs=8k 2>/dev/null
/sbin/sha256 -q `sysctl -n kern.bootfile` \
| dd of=/dev/random bs=8k 2>/dev/null
cat /bin/ls | dd of=/dev/random bs=8k 2>/dev/null
}
initrandom_start()