[PHP] mcrypt_create_iv always returns same value?
Hello All,
I'm just beginning to experiment with encryption using the mcrypt functions
and I'm wondering if anyone can tell me if it's normal that the following
code always returns the same value whenever executed on my system (PHP
5.0.3, WinXP, mcrypt 2.5.7):
$td = mcrypt_module_open('rijndael-256','','cbc','');
srand((double) microtime() * 100);
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td),MCRYPT_RAND);
I was under the impression that the value in $iv should be random, whereas
on my machine it always seems to be the same value.
For the time being I have replaced the $iv = mcrypt_create_iv(.) etc line
with:
$iv = md5(uniqid(rand(), true));
This, at least, returns a random (random-esque?) 32 char string, but because
I don't know a great deal about encryption, I don't know if the value
returned by mcrypt_create_iv() results in stronger encryption than this or
not.
Can anyone help me understand why the code at top would return the same
value over and over, and also whether or not using a 32 char string
generated by md5(uniqid(rand(), true)) is suitable to use in place of a
value returned by mcrypt_create_iv() or if there is something inherently
wrong in doing so?
Many thanks in advance!
Murray
Re: [PHP] mcrypt_create_iv always returns same value?
Murray @ PlanetThoughtful wrote:
I'm just beginning to experiment with encryption using the mcrypt
functions
and I'm wondering if anyone can tell me if it's normal that the following
code always returns the same value whenever executed on my system (PHP
5.0.3, WinXP, mcrypt 2.5.7):
$td = mcrypt_module_open('rijndael-256','','cbc','');
srand((double) microtime() * 100);
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td),MCRYPT_RAND);
I was under the impression that the value in $iv should be random, whereas
on my machine it always seems to be the same value.
For the time being I have replaced the $iv = mcrypt_create_iv(.) etc line
with:
$iv = md5(uniqid(rand(), true));
This, at least, returns a random (random-esque?) 32 char string, but
because
I don't know a great deal about encryption, I don't know if the value
returned by mcrypt_create_iv() results in stronger encryption than this or
not.
Can anyone help me understand why the code at top would return the same
value over and over, and also whether or not using a 32 char string
generated by md5(uniqid(rand(), true)) is suitable to use in place of a
value returned by mcrypt_create_iv() or if there is something inherently
wrong in doing so?
Can't help you with the actual question, but since you've posted it twice,
I'm assuming you've got no answers yet.
See if you can get just plain old http://php.net/rand to seem random or if
it always pops out the same numbers.
I suggest you check with the Windows list, and possibly try some
Encryption forums.
If all else fails, file it as a bug report at http://bugs.php.net/
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] mcrypt_create_iv always returns same value?
Hello All,
Just beginning to experiment with encryption using the mcrypt library and
I'm wondering if anyone can tell me if it's normal that the following code
always seems to return exactly the same value whenever executed on my
system:
$td =
mcrypt_module_open('rijndael-256','','cbc','');
srand((double) microtime() * 100);
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td),
MCRYPT_RAND);
I was under the impression that the value in $iv should be different each
time this code is called, but for some reason it isn't?
Any help appreciated.
Much warmth,
Murray
http://www.planetthoughtful.org/ http://www.planetthoughtful.org
Building a thoughtful planet,
One quirky comment at a time.
