ID:               32157
 Comment by:       chad at herballure dot com
 Reported By:      murray at planetthoughtful dot org
 Status:           No Feedback
 Bug Type:         mcrypt related
 Operating System: WindowsXP
 PHP Version:      5.0.3
 New Comment:

I can confirm that the IV is typically static despite usage of
MCRYPT_RAND on Linux + Apache 2.0.58 + mcrypt 2.5.7 + PHP 5.1.[24]. The
IV is different for the two PHP versions, but consistent within each.
The differences between my code and the reproduce code above are that I
am using blowfish in cbc mode, and I am not calling srand().


Previous Comments:
------------------------------------------------------------------------

[2005-03-20 18:11:02] [EMAIL PROTECTED]

No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.



------------------------------------------------------------------------

[2005-03-04 16:40:48] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php5-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.0-win32-latest.zip



------------------------------------------------------------------------

[2005-03-01 22:42:45] murray at planetthoughtful dot org

Description:
------------
For some reason, using mcrypt_create_iv on my system (WinXP, Apache
1.3.28, PHP 5.0.3, mcrypt 2.5.7) usually returns the same value
(specifically, when base64_encoded, the value
"qSqamZGHYAIBHnH8KiVcFwNNgrXbLL7R5Fl6lc4xjwA=") each time called, with
some exceptions.

Exceptions: if the code I have included is executed on my machine again
before approx 15 seconds has elapsed, another number, also fitting into
an expected value, is returned.

To explain:

If I execute the code below once, then wait 15 or 16 seconds, it will
return the same value both times, ie
"qSqamZGHYAIBHnH8KiVcFwNNgrXbLL7R5Fl6lc4xjwA=". If I execute the code,
then a second later I execute the code again, then a second later I
execute the code a third time, THEN I wait 15 seconds and repeat the
execution 3 times, I will get the following base64_encoded values:

qSqamZGHYAIBHnH8KiVcFwNNgrXbLL7R5Fl6lc4xjwA=
DqwXXwbWS0Nkm/7+18Y12zx1JIns87nfTITMx5oOWXI=
pytYv/yDzGw5JlyRm7timBu98nR3vTR7udWwlUVG6gI=
qSqamZGHYAIBHnH8KiVcFwNNgrXbLL7R5Fl6lc4xjwA=
DqwXXwbWS0Nkm/7+18Y12zx1JIns87nfTITMx5oOWXI=
pytYv/yDzGw5JlyRm7timBu98nR3vTR7udWwlUVG6gI=

Obviously I have no idea why waiting approx 15 seconds restarts the
cycle, but the net effect of this is that I generally end up with an
$iv value of "qSqamZGHYAIBHnH8KiVcFwNNgrXbLL7R5Fl6lc4xjwA=", since
there is usually a much longer period between requests to create an
initialization vector value than 15 seconds (at least, it's usually
much longer between in the site I have designed).

I hope this makes sense -- if not, please email me and I will try to
provide what information I can.

Note: I also tried "srand((double) microtime() * 1000000);" instead of
just "srand();" in case srand() was not being initialized properly for
MCRYPT_RAND, but this made no difference.

Reproduce code:
---------------
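<?php
// Open the cipher module (Rijndael with a 256-bit block, CBC mode).
$td = mcrypt_module_open('rijndael-256', '', 'cbc', '');
srand();
// Request an IV of the cipher's IV size from the MCRYPT_RAND source.
$iv = mcrypt_create_iv(mcrypt_get_iv_size('rijndael-256', 'cbc'), MCRYPT_RAND);
echo base64_encode($iv) . "<br>";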


Expected result:
----------------
I expect $iv to be a different (ie random) value each time the code is
run.

Actual result:
--------------
If run approx 15 seconds apart, $iv will always be the same. If run
more frequently than 15 seconds apart, the value will follow an
expected progression, rather than being truly random.


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=32157&edit=1
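
Added example, not part of the bug report or of PHP's own code: a check that counts distinct IVs from a generator, run against a constructed fixed-seed generator standing in for the repeating-IV behaviour reported above and against random_bytes(), followed by what a repeated IV exposes in CBC mode. Assumptions: PHP 7.0 or later with the openssl extension, AES-256-CBC (16-byte IV) used in place of the report's mcrypt rijndael-256, and the names distinct_ivs, $weak and $strong, the seed and the sample plaintexts are all made up for illustration.

```php
<?php
// Added example; assumes PHP >= 7.0 and ext/openssl. All names are hypothetical.

/**
 * Call $gen $samples times and return how many distinct IVs it produced.
 * A healthy IV source yields $samples distinct values.
 */
function distinct_ivs(callable $gen, int $samples): int
{
    $seen = [];
    for ($i = 0; $i < $samples; $i++) {
        $seen[bin2hex($gen())] = true;
    }
    return count($seen);
}

// Constructed stand-in for the reported behaviour: the PRNG starts from the
// same seed on every call, so every call derives the same 16-byte "random" IV.
$weak = function (): string {
    mt_srand(1234); // constructed fixed seed
    $iv = '';
    for ($i = 0; $i < 16; $i++) {
        $iv .= chr(mt_rand(0, 255));
    }
    return $iv;
};

// IV taken from the operating system CSPRNG; userland seeding has no effect.
$strong = function (): string {
    return random_bytes(16);
};

printf("weak:   %d distinct IVs in 1000 calls\n", distinct_ivs($weak, 1000));
printf("strong: %d distinct IVs in 1000 calls\n", distinct_ivs($strong, 1000));

// Why the repeat matters in CBC: under one key, two messages that share their
// first 16 bytes ("account=1001;bal", constructed) are compared block by block.
$key = random_bytes(32);
$p1  = 'account=1001;balance=50';
$p2  = 'account=1001;balance=75';

foreach (['weak' => $weak, 'strong' => $strong] as $name => $gen) {
    $c1 = openssl_encrypt($p1, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $gen());
    $c2 = openssl_encrypt($p2, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $gen());
    $same = substr($c1, 0, 16) === substr($c2, 0, 16);
    printf("%s IV: first ciphertext blocks equal? %s\n", $name, var_export($same, true));
}
```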
