
One reason why mcrypt responds slowly

  Peter      2012-09-27 12:03:16

This morning a colleague came over to talk about a script that used mcrypt and responded very slowly. The server configuration was fine, but the reason for the slowness was unknown.

Here is a script that reproduces the issue:

$dmcryptText = "dummy";
$key = "foobar";
$size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
// No source argument: the IV bytes are read from /dev/random, which can block
$iv = mcrypt_create_iv($size);
$m = mcrypt_ecb(MCRYPT_BLOWFISH, $key, $dmcryptText, MCRYPT_DECRYPT, $iv);

When 20 requests for this script are sent to the server in parallel, the response time of the Apache server increases rapidly.

The reason for the slowness is explained below.

If no source argument is passed to mcrypt_create_iv(), it uses /dev/random (on Linux) by default as its random number generator. The problem with /dev/random is that its random pool depends on system interrupts: when there are not enough system interrupts, it cannot generate enough random numbers, and any process that tries to read random numbers from it waits and hangs. Let's look at a simple example.

$ dd if=/dev/random bs=1024k count=1

When the system is busy, the output is very slow and sometimes pauses altogether.

The solution is to use /dev/urandom instead of /dev/random. /dev/urandom is also a random number generator, but it doesn't depend on system interrupts to generate the random numbers.

$dmcryptText = "dummy";
$key = "foobar";
$size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
// MCRYPT_DEV_URANDOM: the IV bytes are read from /dev/urandom instead
$iv = mcrypt_create_iv($size, MCRYPT_DEV_URANDOM);
$m = mcrypt_ecb(MCRYPT_BLOWFISH, $key, $dmcryptText, MCRYPT_DECRYPT, $iv);

/dev/random is the default because /dev/urandom is predictable in theory, so /dev/random is generally safer than /dev/urandom. See /dev/random for details.
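An added diagnostic, not part of the original article: it emulates the 20 parallel requests described above by starting 20 concurrent readers that each pull 8 bytes (one Blowfish block, the size of the IV) from a random device, and counts how many finish before a deadline. The function names, the reader count and the time limits are assumptions chosen for this example.

```shell
#!/bin/sh
# Added diagnostic, not from the original article. Function names, the reader
# count and the time limits are assumptions chosen for this example.

# read_iv DEV BYTES SECONDS: succeed only if BYTES arrive within SECONDS.
# timeout(1) kills a reader that blocks, so the check itself never hangs.
read_iv() {
    [ -r "$1" ] || return 2
    got=$(timeout "$3" head -c "$2" "$1" 2>/dev/null | wc -c | tr -d ' ')
    [ "$got" -eq "$2" ]
}

# parallel_iv_reads DEV READERS BYTES SECONDS: start READERS concurrent
# read_iv calls and print how many of them completed in time.
parallel_iv_reads() {
    pids=""
    finished=0
    n=0
    while [ "$n" -lt "$2" ]; do
        read_iv "$1" "$3" "$4" &
        pids="$pids $!"
        n=$((n + 1))
    done
    for pid in $pids; do
        if wait "$pid"; then
            finished=$((finished + 1))
        fi
    done
    echo "$finished"
}

# entropy_estimate: the kernel's entropy estimate in bits, if exposed.
entropy_estimate() {
    cat /proc/sys/kernel/random/entropy_avail 2>/dev/null || echo unknown
}

# report: 20 readers x 8 bytes (one Blowfish-sized IV each), 2 s limit.
report() {
    for dev in /dev/random /dev/urandom; do
        printf '%s: %s of 20 readers finished\n' "$dev" \
            "$(parallel_iv_reads "$dev" 20 8 2)"
    done
    printf 'entropy_avail: %s\n' "$(entropy_estimate)"
}

report
```

On Linux 5.6 and later, /dev/random no longer blocks once the kernel generator has been seeded, so both devices should report 20 of 20 there; a lower count for /dev/random points to the stall described in this article.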




Anonymous @ 2016-04-05 02:14:58

Thanks, it worked for me :)

Ke Pi @ 2016-04-05 04:25:24

Glad to hear about this

Anonymous @ 2016-06-23 04:24:14

After 2 nights of banging my head against the wall, this solved my problem, thank you!

Ke Pi @ 2016-06-23 08:45:41

Glad to hear about this

Anonymous @ 2016-10-18 10:27:02

Thanks! It was really helpful. It helped me to understand my problem and solve it! Thanks so much :D

Arvids @ 2016-10-18 11:23:51

Using mcrypt these days in any shape or form is irresponsible at best. It has been abandoned for more than 10 years, has glaring issues and is in the process of being dropped completely. Switch to alternatives.

Ke Pi @ 2016-10-18 11:37:56

For alternatives, you are referring to OpenSSL?

Anonymous @ 2016-10-18 14:11:58

Why are you using Blowfish in ECB mode?

