PHP-CryptLib icon indicating copy to clipboard operation
PHP-CryptLib copied to clipboard
verified publisher icon ircmaxell

Word to the wise - live sites, high demand

Open adaddinsane opened this issue 8 years ago • 2 comments

If this library is used in a high traffic site with lots of calls, the "Microtime" random source will cause a hang-up since it initiates garbage collection on every call. Of course it doesn't show up until the traffic reaches a certain point.

Yes, we were that site.

Luckily, being the cautious type, I had a failsafe config switch to revert to the previous method without having to redeploy (it's a big site generating pots of cash, the management don't like taking it down).

The solution is to remove it since there's no way of configuring which sources to use.

adaddinsane avatar Feb 28 '17 09:02 adaddinsane

@adaddinsane there is 100% a way of configuring which sources to use. Simply construct the object yourself instead of using the factory. If you know your runtime environment and needs (which it sounds like you do), then the factory serves no purpose other than saving a few lines of code.

$generator = new Generator(
    [...sources...],
    new Mixer
);

Additionally, the "hangup" is intentional, as it provides a non-deterministic source of entropy. I can see that being a problem, so perhaps it's worth looking into other ways (or only using that source if no higher source exists or is functional).

ircmaxell avatar Feb 28 '17 14:02 ircmaxell

Sure i understand why it's there - just not helpful in my situation :-) no worries I didn't mean as a major criticism, I just wanted to put the note there in case someone else might run into the same thing.

On 28 February 2017 at 14:54, Anthony Ferrara [email protected] wrote:

@adaddinsane https://github.com/adaddinsane there is 100% a way of configuring which sources to use. Simply construct the object yourself instead of using the factory. If you know your runtime environment and needs (which it sounds like you do), then the factory serves no purpose other than saving a few lines of code.

$generator = new Generator( [...sources...], new Mixer );

Additionally, the "hangup" is intentional, as it provides a non-deterministic source of entropy. I can see that being a problem, so perhaps it's worth looking into other ways (or only using that source if no higher source exists or is functional).

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/ircmaxell/PHP-CryptLib/issues/4#issuecomment-283060483, or mute the thread https://github.com/notifications/unsubscribe-auth/AARxt3hhsuapzKNsVQItYHamlzHzI8Jhks5rhDUqgaJpZM4MOMK3 .

-- Steve Turnbull

Read my books http://bit.ly/steve-turnbull

adaddinsane avatar Feb 28 '17 14:02 adaddinsane