Edit report at https://bugs.php.net/bug.php?id=63146&edit=1
ID: 63146 Updated by: paj...@php.net Reported by: larue...@php.net Summary: Use /dev/urandom as default random pool dev Status: Open Type: Feature/Change Request Package: mcrypt related Operating System: Linux PHP Version: 5.4.7 Block user comment: N Private report: N New Comment: hi! mcrypt extensions is about crypto safe usage. /dev/random is crypto safe, /dev/urandom is only good enough for password generations and the like. However I totally agree that we should document the possible blocking behavior. It is already mentioned in the notes, but better if we have a warning/notice on that page. Previous Comments: ------------------------------------------------------------------------ [2012-09-24 04:45:44] ahar...@php.net Given it's a cryptographic function, I think we should continue to use /dev/random, but we could document more clearly that the default behaviour may block until more entropy is available. ------------------------------------------------------------------------ [2012-09-24 04:27:26] larue...@php.net Description: ------------ Hey, mcrypt_create_iv use /dev/random as the default random dev, this will cause some unexpected issues for new users. see: " nils at nm dot cx 19-Jun-2012 12:26 If you use /dev/random you need a well filled entropy pool or the application will block until enough good entropy comes available " http://us.php.net/manual/en/function.mcrypt-create-iv.php Test script: --------------- none Expected result: ---------------- none Actual result: -------------- none ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=63146&edit=1
