Bug #52523 [Opn]: mcrypt_create_iv not reliable on win: "Could not gather sufficient random data"

Tue, 03 Aug 2010 07:05:20 -0700 

Edit report at http://bugs.php.net/bug.php?id=52523&edit=1

 ID:                 52523
 User updated by:    php-bugs at thequod dot de
 Reported by:        php-bugs at thequod dot de
 Summary:            mcrypt_create_iv not reliable on win: "Could not
                     gather sufficient random data"
 Status:             Open
 Type:               Bug
 Package:            mcrypt related
 Operating System:   Windows XP
 PHP Version:        5.3.3
 Block user comment: N

 New Comment:

Yes, I expect it to be blocking, at least for a certain amount of time
(why not for the maximum execution time?).



While the endless loop is unrealistic of course, it's only meant for
demonstration; it may fail with the first call already, according to the
following (cygwin code):

  while php -r "if( mcrypt_create_iv(16, MCRYPT_DEV_RANDOM) === false )
exit(1);"; do ; done


Previous Comments:
------------------------------------------------------------------------
[2010-08-03 15:55:44] [email protected]

It is reliable as it fits in the mcrypt main goal, crypto safe output.



However, do you expect it to be blocking like /dev/random? By blocking
that means it won't return until it gets the requested amount of random
data.



I'd to say that this example is not realistic at all, or nobody should
do that in a real world application. It is important to keep in mind
that an app will do it once per request for example, allowing the system
seed the random sources again between calls. That's almost not possible
in your example and that defeats the whole idea behind such functions.

------------------------------------------------------------------------
[2010-08-03 13:37:47] php-bugs at thequod dot de

Description:
------------
mcrypt_create_iv (or likely rather the underlying function
php_win32_get_random_bytes) is not reliable on Windows with
MCRYPT_DEV_RANDOM/MCRYPT_DEV_URANDOM.



Since 5.3.0 MCRYPT_DEV_RANDOM and MCRYPT_DEV_URANDOM became available on
Windows platforms. (http://php.net/mcrypt_create_iv)



MCRYPT_RAND will still works, as with PHP prior to 5.3.0.

Test script:
---------------
The following code should loop forever, but does not do so on Windows
(XP and Windows 7):



  php -r "$i=0; while( mcrypt_create_iv(16) !== false ) {echo
($i++).'.';};"



Expected result:
----------------
Infinite loop.

Actual result:
--------------
0.1.2.3.4.5.6.7.8.9.10.11.12.13.14.15.16.17.

Fatal error: mcrypt_create_iv(): Could not gather sufficient random data
in Command line code on line 1




------------------------------------------------------------------------



-- 
Edit this bug report at http://bugs.php.net/bug.php?id=52523&edit=1

Reply via email to