[PHP] md5(uniqid) makes sense for random unique tokens?
Posted
by Exception e
on Stack Overflow
See other posts from Stack Overflow
or by Exception e
Published on 2010-04-07T15:38:59Z
Indexed on
2010/04/07
15:43 UTC
Read the original article
Hit count: 239
I want to create a token generator that generates tokens that cannot be guessed by the user and that are still unique (to be used for password resets and confirmation codes).
I often see this code; does it make sense?
md5(uniqid(rand(), true));
According to a comment uniqid($prefix, $moreEntopy = true)
yields
first 8 hex chars = Unixtime, last 5 hex chars = microseconds.
I don't know how the $prefix
-parameter is handled..
So if you don't set the $moreEntopy flag to true, it gives a predictable outcome.
QUESTION: But if we use uniqid
with $moreEntopy
, what does hashing it with md5 buy us? Is it better than:
md5(mt_rand())
© Stack Overflow or respective owner