The following patch replaces the previous patch. Works the same for Linux, works slightly better for kFreeBSD.
>From cbd6063ff8f0df65bae3d1dac47fd6830268f864 Mon Sep 17 00:00:00 2001 From: John Denker <j...@av8n.com> Date: Sat, 11 Sep 2010 10:04:48 -0700 Subject: [PATCH] Include date and time when seeding the RNG.
--- urandom | 30 +++++++++++++++++++++++------- 1 files changed, 23 insertions(+), 7 deletions(-) diff --git a/urandom b/urandom index 79344cb..26047a4 100755 --- a/urandom +++ b/urandom @@ -1,7 +1,7 @@ #! /bin/sh ### BEGIN INIT INFO # Provides: urandom -# Required-Start: $local_fs +# Required-Start: $local_fs $time # Required-Stop: $local_fs # Default-Start: S # Default-Stop: 0 6 @@ -35,12 +35,28 @@ fi case "$1" in start|"") [ "$VERBOSE" = no ] || log_action_begin_msg "Initializing random number generator" - # Load and then save $POOLBYTES bytes, - # which is the size of the entropy pool - if [ -f "$SAVEDFILE" ] - then - cat "$SAVEDFILE" >/dev/urandom - fi + # Seed the RNG with date and time. + # This is helpful in the less-than-ideal case where $SAVEDFILE + # is read-only. + # The value of this is greatly reduced if $SAVEDFILE is missing, + # or its contents are shared machine-to-machine or known to + # attackers (since they might well know at what time this + # machine booted up). + ( + date +%s.%N + + # Load and then save $POOLBYTES bytes, + # which is the size of the entropy pool + if [ -f "$SAVEDFILE" ] + then + cat "$SAVEDFILE" + fi + # Redirect output of subshell (not individual commands) + # to cope with a misfeature in the FreeBSD (not Linux) + # /dev/random, where every superuser write/close causes + # an explicit reseed of the yarrow. + ) >/dev/urandom + rm -f $SAVEDFILE # Write a new seed into $SAVEDFILE because re-using a seed # compromises security. Each time we re-seed, we want the -- 1.5.6.5