RandomLib Deprecated warnings on PHP 7.1

When running RandomLib 1.2.0 under PHP 7.1, the following warning appears:

Function mcrypt_module_open() is deprecated

https://wiki.php.net/rfc/mcrypt-viking-funeral

Oct 17 '16 15:10 shadowhand

Hi, Any idea when this will be fixed?

Nov 03 '16 14:11 byrnedo

Sounds like never, since random_bytes effectively replaces it.

Nov 03 '16 14:11 shadowhand

Sorry, how do you mean?

Edit: Ah ok, you mean effectively replaces this lib in 7+?

Nov 03 '16 14:11 byrnedo

It doesn't generate as much variation, but this works equally well:

$length = 32;
$random = substr(bin2hex(random_bytes($length)), 0, $length);

Nov 03 '16 16:11 shadowhand

Please fix this...

Jan 08 '17 15:01 it-can

Please fix it !

Jan 11 '17 16:01 abada

+1

Jan 24 '17 13:01 romeritoCL

+1

Jan 24 '17 14:01 JanisGruzis

+1

Feb 11 '17 14:02 codeator

+1

Feb 23 '17 13:02 wernersbacher

I was also stuck with this and had to make it working ASAP. I'm no-way a security specialist - I only have a vague idea of what I'm doing. Improvements are welcome.

OpenSSLMixer.php

Feb 23 '17 21:02 spidgorny

+1

Mar 09 '17 11:03 mosiyash

Somehow, my error_reporting is set to -1, even though my php.ini shows E_ALL & ~E_DEPRECATED. Might be the issue for other people who can't continue with this...

Apr 05 '17 08:04 Tjab

In PHP 7.2, the mcrypt library will be removed from core completely. There is a PECL extension for mcrypt, but you cannot install it on PHP 7.1, so you're left with a deprecation warning until 7.2.

We should update this lib to check for the extension and only provide mcrypt if the extension is present.

Apr 05 '17 15:04 ramsey

I've just opened this request on bugs.php.net to ask that pecl/mcrypt be installable on PHP 7.1. https://bugs.php.net/bug.php?id=74375

Apr 05 '17 15:04 ramsey

Another one warning "Function mcrypt_enc_get_iv_size() is deprecated" in AbstractMcryptMixer.php at line 77

Apr 27 '17 07:04 vlyagusha

+1

May 05 '17 15:05 techi602

+1000000000

Jun 29 '17 10:06 levelfivehub

I had to abandon this library and use openssl_random_pseudo_bytes

Jun 29 '17 11:06 techi602

+1

Aug 04 '17 20:08 SamuelMoraesF

+1

Aug 08 '17 12:08 jazithedev

@techi602 Might not be a good idea. https://github.com/ramsey/uuid/issues/80

See https://packagist.org/packages/paragonie/random_compat instead.

Aug 13 '17 19:08 paragonie-scott

If we change https://github.com/ircmaxell/RandomLib/blob/master/lib/RandomLib/AbstractMcryptMixer.php#L67 to

return version_compare(PHP_VERSION, '7.1') < 0 && extension_loaded('mcrypt');

would that fix it?

Aug 16 '17 03:08 pavarnos

Any progress with this one ?

Sep 24 '17 15:09 tarlepp

A lot of people are using this package. It is so sad that it is not working any more.

Oct 05 '17 19:10 the94air

I'm debating forking it. It's been nigh impossible to get any feedback from Anthony for... going on a year now... from any venue or channel.

Oct 05 '17 19:10 paragonie-scott

I found an alternative here https://github.com/antonioribeiro/random. He is using random_bytes() and random_int()

Oct 05 '17 20:10 the94air

@ircmaxell any updates with this ?

Oct 05 '17 20:10 tarlepp

In the off-chance that it takes months or years before we hear back from @ircmaxell, I've gone ahead with a fork of this library.

https://github.com/paragonie/RandomLib

It solves this issue, by not loading mcrypt at all on PHP 7.1 and higher. Instead, the kernel's CSPRNG is preferred.

Oct 05 '17 22:10 paragonie-scott

I have commit/merge access on this library, and I’ll be happy to review and merge in any PR to address this that doesn’t break BC.

Oct 05 '17 23:10 ramsey

RandomLib RandomLib copied to clipboard

Deprecated warnings on PHP 7.1

RandomLib
RandomLib copied to clipboard