MCRYPT_DEV_RANDOM冻结,但MCRYPT_DEV_URANDOM有效 [英] MCRYPT_DEV_RANDOM freezes but MCRYPT_DEV_URANDOM works
问题描述
我正在尝试使用以下功能创建IV:
mcrypt_create_iv(32, MCRYPT_DEV_RANDOM)
这将导致脚本在超过60秒后超时. (也许更多?),但是当我使用URANDOM时,它几乎可以立即工作.从我阅读的内容来看,使用MCRYPT_DEV_RANDOM大约需要4秒钟,但是肯定花费了很长时间.错误日志中没有任何内容.
我将它与apache2和php5一起安装在ubuntu 12.04服务器上.
我已经在我的centos服务器上运行了完全相同的代码,而没有任何问题.
我(错误地)认为RANDOM源是用户可控制的,但看来并非如此.显然,那台计算机上没有发生太多事情,因此内核熵生成器什么也没找到.
从好的方面来说,据说URANDOM生成器非常好,几乎所有东西都推荐使用.
(我正在编辑我的一些先前的建议,这些建议对您不起作用,因为它们至少需要重新编译PHP).
I am trying to create an IV with the function:
mcrypt_create_iv(32, MCRYPT_DEV_RANDOM)
this causes the script to time out after more than 60 seconds. (maybe more?) but when I use URANDOM, it works fine almost instantly. From what I read it should take about 4 seconds with MCRYPT_DEV_RANDOM, but it is definitely taking too long. There is nothing in the error log.
I have it installed with apache2 and php5 on an ubuntu 12.04 server.
I have run the exact same code on my centos server without issues.
Both RANDOM and Unblocking-RANDOM (URANDOM) will supply you random data, but while RANDOM will block if the "entropy well" dries due to over-use, and restart when it has been replenished, URANDOM won't.
Pro: URANDOM won't block. Con: URANDOM, if left without entropy, will feed you not-really-so-random data.
For crypto purposes, unless you're really paranoid, I think that URANDOM should suffice.
See this Ubuntu page: http://manpages.ubuntu.com/manpages/jaunty/man4/random.4.html
I (wrongly) thought that the RANDOM sources were user-controllable, but it appears they aren't. Apparently, nothing much is happening on that computer, so that the kernel entropy generator finds nothing to grind.
On the plus side, the URANDOM generator is said to be very good and is recommended for practically everything.
(I'm editing out some previous suggestions of mine that wouldn't work for you, since they would require, at the very least, a recompilation of PHP).
这篇关于MCRYPT_DEV_RANDOM冻结,但MCRYPT_DEV_URANDOM有效的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
