When trying to enter the Special:UserLogin page, this error will come up. This blocks from ANYONE from signing-in and signing-up
Fatal error: mcrypt_create_iv() [<a href='function.mcrypt-create-iv'>function.mcrypt-create-iv</a>]: Could not gather sufficient random data in D:\Hosting\11901580\html\wiki\includes\CryptRand.php on line 313
Version: 1.21.x
Severity: critical
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=35894
I have solved this issue.
Locate the file includes/CryptRand.php.
Find the following line 313 (for me):
$iv = mcrypt_create_iv( $rem, MCRYPT_DEV_URANDOM );
Change it to:
$iv = mcrypt_create_iv( $rem, MCRYPT_RAND );
(In reply to comment #1)
I have solved this issue.
Locate the file includes/CryptRand.php.
Find the following line 313 (for me):$iv = mcrypt_create_iv( $rem, MCRYPT_DEV_URANDOM );
Change it to:
$iv = mcrypt_create_iv( $rem, MCRYPT_RAND );
Please DO NOT do this. MCRYPT_RAND uses rand() which is NOT cryptographically secure. By changing that value to MCRYPT_RAND you eliminate the entire security feature turning CryptRand into an insecure pesudo-random number generator and re-opening yourself up to security vulnerabilities.
You are much MUCH better off taking the line:
if ( function_exists( 'mcrypt_create_iv' ) ) {
And changing it to:
if ( false ) {
This will simply make CryptRand skip over attempting to use mcrypt_create_iv. If openssl_random_pseudo_bytes is available it'll use that. Otherwise it'll fallback to our clock-dift based random number generator. Which is STILL more cryptographically secure than MCRYPT_RAND.
Would you mind reporting what version of PHP and version and build of Windows you are using. This bug is actually very specific to certain environment, there are other situations where this code works perfectly fine on Windows.
MediaWiki - 1.21.2
PHP - 5.3.6 (cgi-fcgi)
MySQL - 5.0.96-log
The build of windows is not very specific but the hosting provider is godaddy.