[PHP] mcrypt_create_iv always returns same value?
Hello All, I'm just beginning to experiment with encryption using the mcrypt functions and I'm wondering if anyone can tell me if it's normal that the following code always returns the same value whenever executed on my system (PHP 5.0.3, WinXP, mcrypt 2.5.7): $td = mcrypt_module_open('rijndael-256','','cbc',''); srand((double) microtime() * 100); $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td),MCRYPT_RAND); I was under the impression that the value in $iv should be random, whereas on my machine it always seems to be the same value. For the time being I have replaced the $iv = mcrypt_create_iv(.) etc line with: $iv = md5(uniqid(rand(), true)); This, at least, returns a random (random-esque?) 32 char string, but because I don't know a great deal about encryption, I don't know if the value returned by mcrypt_create_iv() results in stronger encryption than this or not. Can anyone help me understand why the code at top would return the same value over and over, and also whether or not using a 32 char string generated by md5(uniqid(rand(), true)) is suitable to use in place of a value returned by mcrypt_create_iv() or if there is something inherently wrong in doing so? Many thanks in advance! Murray
Re: [PHP] mcrypt_create_iv always returns same value?
Murray @ PlanetThoughtful wrote: I'm just beginning to experiment with encryption using the mcrypt functions and I'm wondering if anyone can tell me if it's normal that the following code always returns the same value whenever executed on my system (PHP 5.0.3, WinXP, mcrypt 2.5.7): $td = mcrypt_module_open('rijndael-256','','cbc',''); srand((double) microtime() * 100); $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td),MCRYPT_RAND); I was under the impression that the value in $iv should be random, whereas on my machine it always seems to be the same value. For the time being I have replaced the $iv = mcrypt_create_iv(.) etc line with: $iv = md5(uniqid(rand(), true)); This, at least, returns a random (random-esque?) 32 char string, but because I don't know a great deal about encryption, I don't know if the value returned by mcrypt_create_iv() results in stronger encryption than this or not. Can anyone help me understand why the code at top would return the same value over and over, and also whether or not using a 32 char string generated by md5(uniqid(rand(), true)) is suitable to use in place of a value returned by mcrypt_create_iv() or if there is something inherently wrong in doing so? Can't help you with the actual question, but since you've posted it twice, I'm assuming you've got no answers yet. See if you can get just plain old http://php.net/rand to seem random or if it always pops out the same numbers. I suggest you check with the Windows list, and possibly try some Encryption forums. If all else fails, file it as a bug report at http://bugs.php.net/ -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] mcrypt_create_iv always returns same value?
Hello All, Just beginning to experiment with encryption using the mcrypt library and I'm wondering if anyone can tell me if it's normal that the following code always seems to return exactly the same value whenever executed on my system: $td = mcrypt_module_open('rijndael-256','','cbc',''); srand((double) microtime() * 100); $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND); I was under the impression that the value in $iv should be different each time this code is called, but for some reason it isn't? Any help appreciated. Much warmth, Murray http://www.planetthoughtful.org/ http://www.planetthoughtful.org Building a thoughtful planet, One quirky comment at a time.