I need random_bytes for PHP 5.2.17. The environment has open_basedir restriction, preventing it to read /dev/urandom directly, so it falls through to using mcrypt_create_iv(). Here it fails due to the PHP version requirement of >=5.3.7. Using mcrypt_create_iv($size, MCRYPT_DEV_URANDOM) myself seems to work fine.

What is the reason for the PHP version restriction for mcrypt? The restriction is not further explained in the code comments and not even mentioned in RATIONALE.md.

I need random_bytes for PHP 5.2.17.

If you weren't aware: You're playing with fire by using an unsupported version of PHP. Is there really no chance of upgrading to a supported version?

The environment has open_basedir restriction, preventing it to read /dev/urandom directly, so it falls through to using mcrypt_create_iv().

We recommend adding :/dev/urandom to the end of the existing open_basedir configuration. Every web hosting provider has been willing to accommodate this change request, to date.

Here it fails due to the PHP version requirement of >=5.3.7. Using mcrypt_create_iv($size, MCRYPT_DEV_URANDOM) myself seems to work fine.

What is the reason for the PHP version restriction for mcrypt?

• https://bugs.php.net/bug.php?id=55169
• https://bugs.php.net/bug.php?id=69833

This discrepancy will be fixed in v1.4.2 and v2.0.10, but as the readme states:

Although this library should function in earlier versions of PHP, we will only
consider issues relevant to supported PHP versions.
If you are using an unsupported version of PHP, please upgrade as soon as possible.

I cannot stress this enough.

Thanks for reporting this issue.