Index: etc/defaults/rc.conf =================================================================== --- etc/defaults/rc.conf +++ etc/defaults/rc.conf @@ -630,15 +630,16 @@ # in the system booting with securelevel set to 1, as # init(8) will raise the level when rc(8) completes. update_motd="YES" # update version info in /etc/motd (or NO) -entropy_file="/entropy" # Set to NO to disable caching entropy through reboots. +entropy_boot_file="/boot/entropy" # Set to NO to disable very early + # (used at early boot time) entropy caching through reboots. +entropy_file="/entropy" # Set to NO to disable late (used when going multi-user) + # entropy through reboots. # /var/db/entropy-file is preferred if / is not avail. entropy_dir="/var/db/entropy" # Set to NO to disable caching entropy via cron. entropy_save_sz="4096" # Size of the entropy cache files. entropy_save_num="8" # Number of entropy cache files to save. -harvest_interrupt="YES" # Entropy device harvests interrupt randomness -harvest_ethernet="YES" # Entropy device harvests ethernet randomness -harvest_p_to_p="YES" # Entropy device harvests point-to-point randomness -harvest_swi="YES" # Entropy device harvests internal SWI randomness +harvest_mask="511" # Entropy device harvests all but the very invasive sources. + # (See 'sysctl kern.random.harvest' and random(4)) dmesg_enable="YES" # Save dmesg(8) to /var/run/dmesg.boot watchdogd_enable="NO" # Start the software watchdog daemon watchdogd_flags="" # Flags to watchdogd (if enabled) Index: etc/rc.d/random =================================================================== --- etc/rc.d/random +++ etc/rc.d/random @@ -41,6 +41,13 @@ random_start() { + + if [ ${harvest_mask} -gt 0 ]; then + echo -n 'Setting up harvesting:' + ${SYSCTL} kern.random.harvest.mask=${harvest_mask} > /dev/null + ${SYSCTL_N} sysctl -n kern.random.harvest.mask_symbolic + fi + echo -n 'Feeding entropy:' if [ ! -w /dev/random ] ; then 
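Review bot: Replacing the four `harvest_*` booleans with `harvest_mask="511"` leaves an existing local setting such as `harvest_ethernet="NO"` without effect, and the diff shown here has no warning or mapping for the old names, so a host that had turned a source off would presumably harvest it again after the upgrade. The new comment also leaves the bit meanings entirely to `sysctl kern.random.harvest`; I would add a line such as `# Replaces harvest_interrupt/_ethernet/_p_to_p/_swi; bits are listed in random(4).` next to the variable. The added `entropy_file` comment ("to disable late ... entropy through reboots") seems to have lost the word "caching".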
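Review bot: The last added command in the etc/rc.d/random hunk, `${SYSCTL_N} sysctl -n kern.random.harvest.mask_symbolic`, repeats `sysctl -n` after a variable that, if rc.subr defines it in the usual way as `${SYSCTL} -n`, already carries both, so sysctl would be asked for an OID named `sysctl` and the symbolic mask would not be printed cleanly; `${SYSCTL_N} kern.random.harvest.mask_symbolic` is probably what was meant. The guard `[ ${harvest_mask} -gt 0 ]` is unquoted, so an empty value makes the test error out and the configured mask is not applied; `if [ "${harvest_mask:-0}" -gt 0 ]; then` avoids that. A value of `0` skips the sysctl altogether, so if turning all harvesting off is meant to be possible, this guard prevents it. random_start's body continues outside the hunk.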
@@ -68,6 +75,14 @@ ;; esac + case ${entropy_boot_file:=/boot/entropy} in + [Nn][Oo] | '') + ;; + *) + save_dev_random "${entropy_boot_file}" + ;; + esac + echo '.' } @@ -100,7 +115,33 @@ ;; *) dd if=/dev/random of=${entropy_file_confirmed} \ - bs=4096 count=1 2> /dev/null + bs=4096 count=1 2> /dev/null || + warn 'write failed (unwriteable file or full fs?)' + echo '.' + ;; + esac + umask ${oumask} + ;; + esac + case ${entropy_boot_file:=/boot/entropy} in + [Nn][Oo] | '') + ;; + *) + echo -n 'Writing early boot entropy file:' + rm -f ${entropy_boot_file} 2> /dev/null + oumask=`umask` + umask 077 + if touch ${entropy_boot_file} 2> /dev/null; then + entropy_boot_file_confirmed="${entropy_boot_file}" + fi + case ${entropy_boot_file_confirmed} in + '') + warn 'write failed (read-only fs?)' + ;; + *) + dd if=/dev/random of=${entropy_boot_file_confirmed} \ + bs=4096 count=1 2> /dev/null || + warn 'write failed (unwriteable file or full fs?)' echo '.' ;; esac Index: share/man/man5/rc.conf.5 =================================================================== --- share/man/man5/rc.conf.5 +++ share/man/man5/rc.conf.5 @@ -3995,27 +3995,11 @@ .Va jail_ Ns Ao Ar jname Ac Ns Va _sysvipc_allow .El .\" ----------------------------------------------------- -.It Va harvest_interrupt -.Pq Vt bool -Set to -.Dq Li YES -to use hardware interrupts as an entropy source. -Refer to -.Xr random 4 -for more information. -.It Va harvest_ethernet -.Pq Vt bool -Set to -.Dq Li YES -to use LAN traffic as an entropy source. -Refer to -.Xr random 4 -for more information. -.It Va harvest_p_to_p -.Pq Vt bool -Set to -.Dq Li YES -to use serial line traffic as an entropy source. +.It Va harvest_mask +.Pq Vt int +Set to a bit-mask +representing the entropy sources +you wish to harvest. Refer to .Xr random 4 for more information. 
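Review bot: The `''` arm of the added `case` can never match, because `${entropy_boot_file:=/boot/entropy}` substitutes the default for an empty value as well as an unset one, so `entropy_boot_file=""` falls back to the default path instead of disabling the early seed file. Either drop `| ''` or use the colon-less form, `case ${entropy_boot_file=/boot/entropy} in`, which assigns only when the variable is unset. The same construct appears in the stop-time hunk (`@@ -100,7 +115,33 @@`). `save_dev_random` is defined outside this diff, so whether a failed refresh is reported cannot be checked here; a seed file that is not rewritten would presumably be read again at the next boot. The enclosing function starts outside the hunk.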
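Review bot: In the `@@ -100,7 +115,33 @@` hunk, `rm -f`, `touch` and `dd of=` use `${entropy_boot_file}` and `${entropy_boot_file_confirmed}` unquoted, while the start-time hunk passes `"${entropy_boot_file}"` quoted; a path containing whitespace or glob characters would be split here, and `rm -f` runs on the result. Quote them, e.g. `rm -f "${entropy_boot_file}" 2> /dev/null` and `of="${entropy_boot_file_confirmed}"`. `entropy_boot_file_confirmed` is also never cleared before the `touch` test, so a value left over from elsewhere would skip the 'read-only fs?' branch; `entropy_boot_file_confirmed=` ahead of the `if` fixes that. Both new `warn` calls reuse the wording of the `entropy_file` branch, so naming the file in the message would tell the two failures apart. The enclosing function starts and ends outside the hunk.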
@@ -4025,17 +4009,52 @@ .Dq Li NO to disable caching entropy via .Xr cron 8 . -Otherwise set to the directory used to store entropy files in. +Otherwise set to the directory +in which the entropy files are stored. +To be useful, +there must be +a system cron job +that regularly writes and rotates +files here. +All files found +will be used at boot time. +The default is +.Pa /var/db/entropy . .It Va entropy_file .Pq Vt str Set to .Dq Li NO to disable caching entropy through reboots. -Otherwise set to the filename used to store cached entropy through -reboots. -This file should be located on the root file system to seed the -.Xr random 4 -device as early as possible in the boot process. +Otherwise set to the name +of a file used to store cached entropy. +This file should be located +on a file system that is readable +before all the volumes specified in +.Xr fstab 5 +are mounted. +By default, +.Pa /entropy +is used, +but if +.Pa /var/db/entropy-file +is found it will also be used. +This will be of some use to +.Xr bsdinstall 8 . +.It Va entropy_boot_file +.Pq Vt str +Set to +.Dq Li NO +to disable +very early caching entropy +through reboots. +Otherwise set to the filename +used to read +very early reboot cached entropy. +This file should be located where +.Xr loader 8 +can read it. +The default location is +.Pa /boot/entropy . .It Va entropy_save_sz .Pq Vt int Size of the entropy cache files saved by