|
Posted by Richard Lynch on 03/01/05 21:00
Murray @ PlanetThoughtful wrote:
> I'm just beginning to experiment with encryption using the mcrypt
> functions
> and I'm wondering if anyone can tell me if it's normal that the following
> code always returns the same value whenever executed on my system (PHP
> 5.0.3, WinXP, mcrypt 2.5.7):
>
> $td = mcrypt_module_open('rijndael-256','','cbc','');
>
> srand((double) microtime() * 1000000);
>
> $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td),MCRYPT_RAND);
>
> I was under the impression that the value in $iv should be random, whereas
> on my machine it always seems to be the same value.
>
> For the time being I have replaced the $iv = mcrypt_create_iv(.) etc line
> with:
>
> $iv = md5(uniqid(rand(), true));
>
> This, at least, returns a random (random-esque?) 32 char string, but
> because
> I don't know a great deal about encryption, I don't know if the value
> returned by mcrypt_create_iv() results in stronger encryption than this or
> not.
>
> Can anyone help me understand why the code at top would return the same
> value over and over, and also whether or not using a 32 char string
> generated by "md5(uniqid(rand(), true))" is suitable to use in place of a
> value returned by mcrypt_create_iv() or if there is something inherently
> wrong in doing so?
Can't help you with the actual question, but since you've posted it twice,
I'm assuming you've got no answers yet.
See if you can get just plain old http://php.net/rand to seem random or if
it always pops out the same numbers.
I suggest you check with the Windows list, and possibly try some
Encryption forums.
If all else fails, file it as a bug report at http://bugs.php.net/
--
Like Music?
http://l-i-e.com/artists.htm
Navigation:
[Reply to this message]
|