Page 1 of 1

MYCRYPT and srand() on Windows

Posted: Sun Jun 15, 2008 11:19 pm
by mpetrovich
I am working with Mycrypt, on my local Windows XP machine, running XAMPP, PHP 5.2.0, MCRYPT 2.5.7. I cannot get srand() to affect the generation of the IV. The code below should produce two identical lines. It does work on a Linux server running PHP 5.2.5, but not locally.

Code: Select all

<?php
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_CFB, '');  // open module
 
srand(12345);
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
echo 'iv1 = ', base64_encode($iv), 'rand=', rand(), '<br />';
 
srand(12345);
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
echo 'iv2 = ', base64_encode($iv), 'rand=', rand(), '<br />';
mcrypt_module_close($td);  // close module
?>
 
 
Any thoughts?

Re: MYCRYPT and srand() on Windows

Posted: Mon Jun 16, 2008 1:50 am
by Rovas
There are different version of PHP between the machines, are you sure that MCRYPT library version is the same?
I ask because sometimes different versions of php don' t work with the same version of a library under Linux (mostly with the newer versions). It' s also possible that under Windows Mcrypt didn' t install properly. Try reinstalling mcrypt if you haven' t.
Put in the code some messages to see what number is randomly selected to see where the problem is.

Re: MYCRYPT and srand() on Windows

Posted: Mon Jun 16, 2008 2:15 am
by mpetrovich
Thanks for the reply. I now have two Linux servers I have tried this on, and both work. I just added the MCRYPT module to a 5.1.6 server, and that is working fine.

Both the Linux servers and my local machine have the same library MCRYPT version number: 2.5.7. I was wondering if the srand() has any effect on the MCRYPT_RAND? All the documentation says to use srand() before generating the IV, so it is supposed to work. For some reason locally, it does not work. So, maybe you are correct, in that I have either a bad MCRYPT library or some other corruption, or something I am overlooking. I'll see what I can do to reinstall or upgrade the system

Re: MYCRYPT and srand() on Windows

Posted: Mon Jun 16, 2008 8:36 am
by Ambush Commander
If I remember correctly, the implementation for PHP's Mersenne Twister changed slightly between PHP versions not too long ago. See this link: http://bugs.php.net/bug.php?id=40724

I don't know if this affects mcrypt, but this might be the culprit. Anyway, I can reproduce, so you're not alone. My suggestion to you is to upgrade your systems to post PHP 5.2.1.

Re: MYCRYPT and srand() on Windows

Posted: Mon Jun 16, 2008 8:27 pm
by mpetrovich
Anyway, I can reproduce, so you're not alone.
It is always nice to know I am not alone, and that it is not just me suffering the wrath of the computer gods. :D

I upgraded to the latest PHP release (5.2.6) and NOW it runs fine. There must have been a bug in 5.2.0 or one of the modules.

Thanks!

Re: MYCRYPT and srand() on Windows

Posted: Mon Jun 16, 2008 8:42 pm
by John Cartwright
mpetrovich wrote:There must have been a bug in 5.2.0 or one of the modules.

Re: MYCRYPT and srand() on Windows

Posted: Mon Jun 16, 2008 9:16 pm
by mpetrovich
The bug discussion dealt with mt_rand(), and I was using srand(), but it must have been something similar. The bug pertains to setting a seed and seeing different results from PHP version to version. The problem here was a little different. It seemed like the seed did not get set at all. But, after I upgraded, it does seem to be working.

Now, I do get different values for IV from the Windows version (php 5.2.6) than from the Linux versions (5.1.6 and 5.2.6) which produce the same results. That is actually OK for now, for my current purposes.