diff --git a/include/class.crypto.php b/include/class.crypto.php index 43954e64bb343c964ce704d9c580294d2176d058..92ab1e953f1b3786cac39e25e34acc7abfd59f9b 100644 --- a/include/class.crypto.php +++ b/include/class.crypto.php @@ -165,13 +165,17 @@ class Crypto { function random($len) { if(CRYPT_IS_WINDOWS) { - if (function_exists('mcrypt_create_iv') - && version_compare(PHP_VERSION, '5.3', '>=')) - return mcrypt_create_iv($len); - if (function_exists('openssl_random_pseudo_bytes') && version_compare(PHP_VERSION, '5.3.4', '>=')) return openssl_random_pseudo_bytes($len); + + // Looks like mcrypt_create_iv with MCRYPT_DEV_RANDOM is still + // unreliable on 5.3.6: + // https://bugs.php.net/bug.php?id=52523 + if (function_exists('mcrypt_create_iv') + && version_compare(PHP_VERSION, '5.3.7', '>=')) + return mcrypt_create_iv($len); + } else { if (function_exists('openssl_random_pseudo_bytes'))