kernel random subsystem - bootblocks read root:/etc/random.seed - mix with RDRAND (or other clock source) information - Passes data to kernel as an ELF segment - kernel always collects entropy from interrupt sources or random devices in the normal fashion, and mixes in - rc scripts create new /etc/random.seed file - shutdown scripts (also) create new /etc/random.seed file - Additional file: /var/db/host.random