openssl_random_pseudo_bytes() is slow (PHP)

I'm using opennssl_random_pseudo_bytes() in PHP 开发者_StackOverflow中文版and it is performing ultra slowly. My application often timeouts (throws that execution time limit error). Is there a particular reason for OpenSSL random to be this slow? I'm using Windows 7 x86 currently on my developer machine.

---

On Windows, openssl_random_pseudo_bytes() calls OpenSSL's RAND_screen() to generate entropy. It's pretty slow, and PHP is hardly the first unix->windows port that has run up against this. It looks like the common advice is to use RAND_seed() instead.

It's also interesting to note that the OpenSSL documentation states:

The RAND_screen() function is available for the convenience of Windows programmers. It adds the current contents of the screen to the PRNG. For applications that can catch Windows events, seeding the PRNG by calling RAND_event() is a significantly better source of randomness. **It should be noted that both methods cannot be used on servers that run without user interaction**.

So this may actually be a certified bug - I've already raised the issue with the core devs. Until a better method for generating entropy for OpenSSL on Win32 becomes available, it appears that the short answer is "Yes, it's slow on Windows. Sorry about that."

Some additional links that discuss the problem:

Open Bug at rt.openssl.org
curl developers discuss alternative methods of collecting entropy on Win32
Google Groups archive of OpenSSL Users List discussing the slowness of RAND_poll() on Win32
Another discussion on the slowness of RAND_screen() on mail-archive.com's archive of OpenSSL Users

---

This was apparently a bug in PHP < 5.3.4.

Fixed possible blocking behavior in openssl_random_pseudo_bytes on Windows. (Pierre)

http://php.net/ChangeLog-5.php#5.3.4

---

It depends on how you run PHP. On my win7-64bit PHP5.3.27

1. Apache + PHP-CGI = It takes 600ms
2. Apache + PHP5 Module = It is instant