PHP :: Bug #39498 :: ext/mcrypt/mcrypt.c hardcoded to use /dev/random

Bug #39498	ext/mcrypt/mcrypt.c hardcoded to use /dev/random
Submitted:	2006-11-13 15:48 UTC	Modified:	2006-11-13 17:50 UTC
From:	mark at exonetric dot com	Assigned:
Status:	Not a bug	Package:	Performance problem
PHP Version:	4.4.4	OS:	Linux 2.6/Debian Etch
Private report:	No	CVE-ID:	None

View Developer Edit

[2006-11-13 15:48 UTC] mark at exonetric dot com

Description:
------------
mcrypt.c appears to be written to use /dev/random for entropy in all cases. As good entropy is a limited resource when obtained from /dev/random, code that makes frequent calls to mcrypt routines that require entropy can block waiting for entropy unexpectedly. 

 PHP_FUNCTION(mcrypt_create_iv) should be modified to permit configuration of /dev/random or /dev/urandom at least at compile time if not at run time.

Reproduce code:
---------------
any code that calls mcrypt routines frequently

Expected result:
----------------
if called frequently enough, will block waiting for entropy.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-11-13 15:58 UTC] tony2001@php.net

You can use MCRYPT_DEV_URANDOM and get the data for /dev/urandom.

[2006-11-13 16:28 UTC] derick@php.net

http://no.php.net/mcrypt_create_iv

[2006-11-13 17:50 UTC] mark at exonetric dot com

right, i can see now there is some odd zend_parameter stuff that fiddles with the source variable directly. That's very non-intuitive and will teach me to read docs I suppose.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Oct 25 22:00:01 2025 UTC