ID: 32157 Updated by: [EMAIL PROTECTED] Reported By: murray at planetthoughtful dot org -Status: Open +Status: Feedback Bug Type: mcrypt related Operating System: WindowsXP PHP Version: 5.0.3 New Comment:
Please try using this CVS snapshot: http://snaps.php.net/php5-STABLE-latest.tar.gz For Windows: http://snaps.php.net/win32/php5.0-win32-latest.zip Previous Comments: ------------------------------------------------------------------------ [2005-03-01 22:42:45] murray at planetthoughtful dot org Description: ------------ For some reason, using mcrypt_create_iv on my system (WinXP, Apache 1.3.28, PHP 5.0.3, mcrypt 2.5.7) usually returns the same value (specifically, when base64_encoded, the value "qSqamZGHYAIBHnH8KiVcFwNNgrXbLL7R5Fl6lc4xjwA=") each time called, with some exceptions. Exceptions: if the code I have included is executed on my machine again before approx 15 seconds has elapsed, another number, also fitting into an expected value, is returned. To explain: If I execute the code below once, then wait 15 or 16 seconds, it will return the same value both times, ie "qSqamZGHYAIBHnH8KiVcFwNNgrXbLL7R5Fl6lc4xjwA=". If I execute the code, then a second later I execute the code again, then a second later I execute the code a third time, THEN I wait 15 seconds and repeat the execution 3 times, I will get the following base64_encoded values: qSqamZGHYAIBHnH8KiVcFwNNgrXbLL7R5Fl6lc4xjwA= DqwXXwbWS0Nkm/7+18Y12zx1JIns87nfTITMx5oOWXI= pytYv/yDzGw5JlyRm7timBu98nR3vTR7udWwlUVG6gI= qSqamZGHYAIBHnH8KiVcFwNNgrXbLL7R5Fl6lc4xjwA= DqwXXwbWS0Nkm/7+18Y12zx1JIns87nfTITMx5oOWXI= pytYv/yDzGw5JlyRm7timBu98nR3vTR7udWwlUVG6gI= Obviously I have no idea why waiting approx 15 seconds restarts the cycle, but the net effect of this is that I generally end up with an $iv value of "qSqamZGHYAIBHnH8KiVcFwNNgrXbLL7R5Fl6lc4xjwA=", since there is usually a much longer period between requests to create an initialization vector value than 15 seconds (at least, it's usually much longer between in the site I have designed). I hope this makes sense -- if not, please email me and I will try to provide what information I can. Note: I also tried "srand((double) microtime() * 1000000);" instead of just "srand();" in case srand() was not being initialized properly for MCRYPT_RAND, but this made no difference. Reproduce code: --------------- $td = mcrypt_module_open('rijndael-256','','cbc',''); srand(); $iv = mcrypt_create_iv(mcrypt_get_iv_size('rijndael-256','cbc'), MCRYPT_RAND); echo base64_encode($iv)."<br>"; Expected result: ---------------- I expect $iv to be a different (ie random) value each time the code is run. Actual result: -------------- If run approx 15 seconds apart, $iv will always be the same. if run more frequently than 15 seconds apart, the value will follow an expected progression, rather than being truly random. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=32157&edit=1
