Wildly different encryption times with php and mcrypt?

Question

I need some basic encryption tools for a site running on PHP 5.3.3 and CentOS 6.5. I'm currently using the Encryption class discussed in proper PHP mcrypt encryption methods? (accepted answer by @John-Conde). It works, but I'm getting very different encryption times for the same text: According to some instrumentation I've done, encrypting a hunk of 700 characters of lorem ipsum can take anywhere from 2 seconds to 38 seconds.

Does this make sense to anyone, and is there any advice about how to get these times down (or at least consistent)? I'd post my code, but it's really nothing more than what's on the previously mentioned SO page. A few things that might be mentioned:

• I'm creating a fresh instance of the Encryption class each time I do an encryption, but that doesn't seem to have any impact on the time: All the instance creation times are about the same; the substantive time differences are in the actual encryptions.

• My PHP installation is using mcrypt 2.5.8.

• I'm getting the same kinds of differences on two different servers -- a local development box and a DigitalOcean CentOS droplet. I built them the same way, of course, so perhaps that's not too surprising.

Any thoughts out there? Thanks!

Answer 1

Found it, I think, via mcrypt performance:

The encryption class mentioned above uses MCRYPT_DEV_RANDOM as its random generator. Unfortunately (this is me summarizing the article), if /dev/random's pool runs out, it'll block the process until it's filled up again. If you can live with slightly lower-quality randomness, /dev/urandom will be faster and won't have this problem. Thus a change in the class from MCRYPT_DEV_RANDOM to MCRYPT_DEV_URANDOM should make things better, and my tests so far suggest that's true.