|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #70150 $iv = mcrypt_create_iv( $rem, MCRYPT_DEV_URANDOM ); times out
Submitted: 2015-07-27 07:24 UTC Modified: 2015-08-15 15:46 UTC
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: gessel at blackrosetech dot com Assigned:
Status: Duplicate Package: mcrypt related
PHP Version: 5.5.27 OS: FreeBSD 10.1-RELEASE #0 r285883
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: gessel at blackrosetech dot com
New email:
PHP Version: OS:


 [2015-07-27 07:24 UTC] gessel at blackrosetech dot com
From manual page:

MediaWiki's MWCryptRand.php calls  
 $iv = mcrypt_create_iv( $rem, MCRYPT_DEV_URANDOM );
This times out on FreeBSD without returning a value (even with max_execution_time set to 3000).  

modifying the call to 
  $iv = mcrypt_create_iv( $rem, MCRYPT_DEV_URANDOM|MCRYPT_RAND );
returns as expected, however, the MW dev is concerned that MCRYPT_RAND is not cryptographically secure, and that CC's note at is incorrect and that this piped construction will return "3" (rather than 0,1,2 or as Cory states, first attempt 1 and if that isn't available, try 2) and with "3" will always initialize with the crytographically insecure MCRYPT_RAND.

Test script:
$iv = mcrypt_create_iv( $rem, MCRYPT_DEV_URANDOM );


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2015-07-27 17:03 UTC]
MCRYPT_DEV_URANDOM|MCRYPT_RAND has the same behavior as
MCRYPT_RAND, i.e. the else clause[1] will be processed. I have
deleted Cory's note.

[1] <>
 [2015-08-15 15:46 UTC]
-Status: Open +Status: Duplicate
 [2015-08-15 15:46 UTC]
@gessel, please check the latest 5.6 or 7 branch/snapshot (no release yet). This is likely a duplicate of bug #69833.

PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Feb 27 12:01:27 2024 UTC