Last modified: 2014-06-23 16:07:07 UTC
When trying to enter the Special:UserLogin page, this error will come up. This blocks from ANYONE from signing-in and signing-up Fatal error: mcrypt_create_iv() [<a href='function.mcrypt-create-iv'>function.mcrypt-create-iv</a>]: Could not gather sufficient random data in D:\Hosting\11901580\html\wiki\includes\CryptRand.php on line 313
I have solved this issue. Locate the file includes/CryptRand.php. Find the following line 313 (for me): $iv = mcrypt_create_iv( $rem, MCRYPT_DEV_URANDOM ); Change it to: $iv = mcrypt_create_iv( $rem, MCRYPT_RAND );
*** This bug has been marked as a duplicate of bug 44142 ***
*** This bug has been marked as a duplicate of bug 35894 ***
(In reply to comment #1) > I have solved this issue. > > > Locate the file includes/CryptRand.php. > Find the following line 313 (for me): > > $iv = mcrypt_create_iv( $rem, MCRYPT_DEV_URANDOM ); > > Change it to: > > $iv = mcrypt_create_iv( $rem, MCRYPT_RAND ); Please DO NOT do this. MCRYPT_RAND uses rand() which is NOT cryptographically secure. By changing that value to MCRYPT_RAND you eliminate the entire security feature turning CryptRand into an insecure pesudo-random number generator and re-opening yourself up to security vulnerabilities. You are much MUCH better off taking the line: if ( function_exists( 'mcrypt_create_iv' ) ) { And changing it to: if ( false ) { This will simply make CryptRand skip over attempting to use mcrypt_create_iv. If openssl_random_pseudo_bytes is available it'll use that. Otherwise it'll fallback to our clock-dift based random number generator. Which is STILL more cryptographically secure than MCRYPT_RAND.
Yea I just realized that and quickly reverted my change. Thank you!
Would you mind reporting what version of PHP and version and build of Windows you are using. This bug is actually very specific to certain environment, there are other situations where this code works perfectly fine on Windows.
MediaWiki - 1.21.2 PHP - 5.3.6 (cgi-fcgi) MySQL - 5.0.96-log The build of windows is not very specific but the hosting provider is godaddy.