问题
I am trying to create an IV with the function:
mcrypt_create_iv(32, MCRYPT_DEV_RANDOM)
this causes the script to time out after more than 60 seconds. (maybe more?) but when I use URANDOM
, it works fine almost instantly. From what I read it should take about 4 seconds with MCRYPT_DEV_RANDOM
, but it is definitely taking too long. There is nothing in the error log.
I have it installed with apache2 and php5 on an ubuntu 12.04 server.
I have run the exact same code on my centos server without issues.
回答1:
Both RANDOM and Unblocking-RANDOM (URANDOM) will supply you random data, but while RANDOM will block if the "entropy well" dries due to over-use, and restart when it has been replenished, URANDOM won't.
Pro: URANDOM won't block. Con: URANDOM, if left without entropy, will feed you not-really-so-random data.
For crypto purposes, unless you're really paranoid, I think that URANDOM should suffice.
See this Ubuntu page: http://manpages.ubuntu.com/manpages/jaunty/man4/random.4.html
I (wrongly) thought that the RANDOM sources were user-controllable, but it appears they aren't. Apparently, nothing much is happening on that computer, so that the kernel entropy generator finds nothing to grind.
On the plus side, the URANDOM generator is said to be very good and is recommended for practically everything.
(I'm editing out some previous suggestions of mine that wouldn't work for you, since they would require, at the very least, a recompilation of PHP).
回答2:
Actually both /dev/random and /dev/urandom give you the same randomness and security. There is a long story how the myth of the /dev/random blocks and why you should use it. Look for, "the myth of random/urandom"
来源:https://stackoverflow.com/questions/11173803/mcrypt-dev-random-freezes-but-mcrypt-dev-urandom-works