Hello All,
I'm just beginning to experiment with encryption using the mcrypt functions
and I'm wondering if anyone can tell me if it's normal that the following
code always returns the same value whenever executed on my system (PHP
5.0.3, WinXP, mcrypt 2.5.7):
$td = mcrypt_module_open('rijndael-256','','cbc','');
srand((double) microtime() * 1000000);
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td),MCRYPT_RAND);
I was under the impression that the value in $iv should be random, whereas
on my machine it always seems to be the same value.
For the time being I have replaced the $iv = mcrypt_create_iv(.) etc line
with:
$iv = md5(uniqid(rand(), true));
This, at least, returns a random (random-esque?) 32 char string, but because
I don't know a great deal about encryption, I don't know if the value
returned by mcrypt_create_iv() results in stronger encryption than this or
not.
Can anyone help me understand why the code at top would return the same
value over and over, and also whether or not using a 32 char string
generated by "md5(uniqid(rand(), true))" is suitable to use in place of a
value returned by mcrypt_create_iv() or if there is something inherently
wrong in doing so?
Many thanks in advance!
Murray
