[PATCH] Include date and time when seeding the RNG.

John Denker jsd at av8n.com
Sat Sep 11 17:04:48 UTC 2010


---
 urandom |   30 +++++++++++++++++++++++-------
 1 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/urandom b/urandom
index 79344cb..26047a4 100755
--- a/urandom
+++ b/urandom
@@ -1,7 +1,7 @@
 #! /bin/sh
 ### BEGIN INIT INFO
 # Provides:          urandom
-# Required-Start:    $local_fs
+# Required-Start:    $local_fs $time
 # Required-Stop:     $local_fs
 # Default-Start:     S
 # Default-Stop:      0 6
@@ -35,12 +35,28 @@ fi
 case "$1" in
   start|"")
 	[ "$VERBOSE" = no ] || log_action_begin_msg "Initializing random number generator"
-	# Load and then save $POOLBYTES bytes,
-	# which is the size of the entropy pool
-	if [ -f "$SAVEDFILE" ]
-	then
-		cat "$SAVEDFILE" >/dev/urandom
-	fi
+	# Seed the RNG with date and time.
+	# This is helpful in the less-than-ideal case where $SAVEDFILE
+	# is read-only.
+	# The value of this is greatly reduced if $SAVEDFILE is missing,
+	# or its contents are shared machine-to-machine or known to
+	# attackers (since they might well know at what time this
+	# machine booted up).
+	( 
+	  date +%s.%N 
+
+	  # Load and then save $POOLBYTES bytes,
+	  # which is the size of the entropy pool
+	  if [ -f "$SAVEDFILE" ]
+	  then
+		  cat "$SAVEDFILE" 
+	  fi
+	# Redirect output of subshell (not individual commands)
+	# to cope with a misfeature in the FreeBSD (not Linux)
+	# /dev/random, where every superuser write/close causes
+	# an explicit reseed of the yarrow.
+	) >/dev/urandom
+
 	rm -f $SAVEDFILE
 	# Write a new seed into $SAVEDFILE because re-using a seed
 	# compromises security.	 Each time we re-seed, we want the
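Review bot: The caveat comment above the subshell covers a missing, shared or known `$SAVEDFILE`, but not a predictable clock: on a host with no battery-backed RTC, or one whose clock is not yet set when this script runs, `date +%s.%N` may give nearly the same value on every boot. The added `$time` dependency only helps where something actually sets the clock. I would add `# Also of little value on hosts without a working RTC, where the clock starts from the same value on each boot.` to that comment. `%N` is a GNU date extension, so with another `date` implementation the sub-second part is lost; that deserves a word next to the FreeBSD remark. On Linux, data written to /dev/urandom is mixed into the pool but not credited as entropy, so the comment should not suggest this makes early-boot output safe when the seed file is stale. The `case` block continues outside the hunk.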
-- 
1.5.6.5

