ID:               32157
 Updated by:       [EMAIL PROTECTED]
 Reported By:      murray at planetthoughtful dot org
-Status:           Feedback
+Status:           No Feedback
 Bug Type:         mcrypt related
 Operating System: WindowsXP
 PHP Version:      5.0.3
 New Comment:

No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.




Previous Comments:
------------------------------------------------------------------------

[2005-03-04 16:40:48] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php5-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.0-win32-latest.zip



------------------------------------------------------------------------

[2005-03-01 22:42:45] murray at planetthoughtful dot org

Description:
------------
For some reason, using mcrypt_create_iv on my system (WinXP, Apache
1.3.28, PHP 5.0.3, mcrypt 2.5.7) usually returns the same value
(specifically, when base64_encoded, the value
"qSqamZGHYAIBHnH8KiVcFwNNgrXbLL7R5Fl6lc4xjwA=") each time called, with
some exceptions.

Exceptions: if the code I have included is executed on my machine again
before approx 15 seconds has elapsed, another number, also fitting into
an expected value, is returned.

To explain:

If I execute the code below once, then wait 15 or 16 seconds, it will
return the same value both times, ie
"qSqamZGHYAIBHnH8KiVcFwNNgrXbLL7R5Fl6lc4xjwA=". If I execute the code,
then a second later I execute the code again, then a second later I
execute the code a third time, THEN I wait 15 seconds and repeat the
execution 3 times, I will get the following base64_encoded values:

qSqamZGHYAIBHnH8KiVcFwNNgrXbLL7R5Fl6lc4xjwA=
DqwXXwbWS0Nkm/7+18Y12zx1JIns87nfTITMx5oOWXI=
pytYv/yDzGw5JlyRm7timBu98nR3vTR7udWwlUVG6gI=
qSqamZGHYAIBHnH8KiVcFwNNgrXbLL7R5Fl6lc4xjwA=
DqwXXwbWS0Nkm/7+18Y12zx1JIns87nfTITMx5oOWXI=
pytYv/yDzGw5JlyRm7timBu98nR3vTR7udWwlUVG6gI=

Obviously I have no idea why waiting approx 15 seconds restarts the
cycle, but the net effect of this is that I generally end up with an
$iv value of "qSqamZGHYAIBHnH8KiVcFwNNgrXbLL7R5Fl6lc4xjwA=", since
there is usually a much longer period between requests to create an
initialization vector value than 15 seconds (at least, it's usually
much longer between in the site I have designed).

I hope this makes sense -- if not, please email me and I will try to
provide what information I can.

Note: I also tried "srand((double) microtime() * 1000000);" instead of
just "srand();" in case srand() was not being initialized properly for
MCRYPT_RAND, but this made no difference.

Reproduce code:
---------------
$td = mcrypt_module_open('rijndael-256','','cbc','');
srand();
$iv = mcrypt_create_iv(mcrypt_get_iv_size('rijndael-256','cbc'),
MCRYPT_RAND);
echo base64_encode($iv)."<br>";


Expected result:
----------------
I expect $iv to be a different (ie random) value each time the code is
run.

Actual result:
--------------
If run approx 15 seconds apart, $iv will always be the same. if run
more frequently than 15 seconds apart, the value will follow an
expected progression, rather than being truly random.


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=32157&edit=1

Reply via email to