diff --git a/etc/rc b/etc/rc
index 4935b5f2450b..702b42a11dec 100644
--- a/etc/rc
+++ b/etc/rc
@@ -69,26 +69,19 @@ elif [ -r /etc/rc.conf ]; then
 	. /etc/rc.conf
 fi
 
-# Recover some entropy so the rebooting /dev/random can reseed
+
+# First pass at entropy recovery so the rebooting /dev/random can reseed.
 #
 case ${entropy_file} in
 [Nn][Oo] | '')
 	;;
 *)
 	if [ -w /dev/random ]; then
-		if [ -f ${entropy_file} -a -r ${entropy_file} ]; then
-			echo "Reading entropy file"
+		if [ -f "${entropy_file}" -a -r "${entropy_file}" -a \
+		    -s "${entropy_file}" ]; then
+			echo "Using ${entropy_file} as an entropy file"
 			cat ${entropy_file} > /dev/random 2> /dev/random
-			rm -f ${entropy_file}
-		else
-			echo "No entropy file, trying other sources"
-			# XXX temporary until we can get the entropy
-			# harvesting rate up
-			# Entropy below is not great, but better than nothing.
-			(ps -gauxwww; iostat; vmstat; dmesg) > /dev/random 2> /dev/random
-			( for i in /etc /var/run ; do
-				cd $i ; ls -al ; cat *
-			done ) > /dev/random 2> /dev/random
+			entropy_reseeded=yes
 		fi
 	fi
 	;;
@@ -183,6 +176,45 @@ if [ -n "${diskless_mount}" -a -r "${diskless_mount}" ]; then
 		sh ${diskless_mount}
 fi
 
+# Second attempt at reseeding, if needed.
+#
+case ${entropy_reseeded} in
+yes)
+	;;
+*)
+	case ${entropy_file} in
+	[Nn][Oo] | '')
+		;;
+	*)
+		if [ -w /dev/random ]; then
+			if [ -f "${entropy_file}" -a -r "${entropy_file}" -a \
+			    -s "${entropy_file}" ]; then
+				echo "Using ${entropy_file} as an entropy file"
+				cat ${entropy_file} > /dev/random 2> /dev/random
+			elif [ "${entropy_file}" != /var/db/entropy -a \
+			    -f /var/db/entropy -a -r /var/db/entropy -a \
+			    -s /var/db/entropy ]; then
+				echo "Using /var/db/entropy as an entropy file"
+				cat /var/db/entropy > /dev/random 2> /dev/random
+			else
+				echo "Can't use ${entropy_file} as an entropy file, trying other sources"
+				# XXX temporary until we can get the entropy
+				# harvesting rate up
+				# Entropy below is not great, but better than nothing.
+				(ps -gauxwww; iostat; vmstat; sysctl -a; dmesg) > /dev/random 2> /dev/random
+				( for i in /etc /var/run ; do
+					cd $i ; ls -al ; cat *
+				done ) > /dev/random 2> /dev/random
+			fi
+		fi
+		;;
+	esac
+	;;
+esac
+
+# Remove these to prevent problems on future reboots
+rm -f "${entropy_file}" /var/db/entropy
+
 adjkerntz -i
 
 purgedir() {
diff --git a/etc/rc.shutdown b/etc/rc.shutdown
index f0bc93c4fedb..67194148f81f 100644
--- a/etc/rc.shutdown
+++ b/etc/rc.shutdown
@@ -62,9 +62,25 @@ case ${entropy_file} in
 	rm -f ${entropy_file}
 	oumask=`umask`
 	umask 077
-	touch ${entropy_file} && \
-		dd if=/dev/random of=${entropy_file} \
+	if touch ${entropy_file} ; then
+		entropy_file_confirmed="${entropy_file}"
+	else
+		# Try this as a reasonable alternative for read-only
+		# roots, diskless workstations, etc.
+		rm -f /var/db/entropy
+		if touch /var/db/entropy ; then
+			entropy_file_confirmed=/var/db/entropy
+		fi
+	fi
+	case ${entropy_file_confirmed} in
+	'')
+		echo "ERROR: entropy file write failed"
+		;;
+	*)
+		dd if=/dev/random of=${entropy_file_confirmed} \
 		   bs=4096 count=1 2> /dev/null
+		;;
+	esac
 	umask ${oumask}
 	;;
 esac