[PHP] md5(uniqid) makes sense for random unique tokens?

Posted by Exception e on Stack Overflow
Published on 2010-04-07T15:38:59Z Indexed on 2010/04/07 15:43 UTC

I want to create a token generator that generates tokens that cannot be guessed by the user and that are still unique (to be used for password resets and confirmation codes).

I often see this code; does it make sense?

md5(uniqid(rand(), true));

According to a comment, uniqid($prefix, $moreEntropy = true) yields

first 8 hex chars = Unixtime, last 5 hex chars = microseconds.

I don't know how the $prefix parameter is handled.

So if you don't set the $moreEntropy flag to true, it gives a predictable outcome.

QUESTION: But if we use uniqid with $moreEntropy, what does hashing it with md5 buy us? Is it better than:

md5(mt_rand())

© Stack Overflow or respective owner
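
An added example, not part of the original post: it decodes a uniqid() value back into the clock fields the question describes, shows the upper bound on distinct md5(mt_rand()) outputs, and contrasts both with a token drawn from the operating system's CSPRNG. The function names decode_uniqid() and new_token() are hypothetical; random_bytes() requires PHP 7.0 or later and a 64-bit build is assumed.

```php
<?php
// Added example; decode_uniqid() and new_token() are hypothetical names.

/** Split a prefix-less uniqid() value into the fields described in the question. */
function decode_uniqid(string $id): array
{
    if (!preg_match('/^([0-9a-f]{8})([0-9a-f]{5})(.*)$/s', $id, $m)) {
        throw new InvalidArgumentException('not a prefix-less uniqid() value');
    }
    return [
        'unix_time'    => hexdec($m[1]), // seconds since the epoch
        'microseconds' => hexdec($m[2]), // 0..999999
        'extra'        => $m[3],         // empty unless more_entropy = true
    ];
}

/** Token for password resets or confirmation links, drawn from the OS CSPRNG. */
function new_token(int $bytes = 32): string
{
    return bin2hex(random_bytes($bytes)); // 32 bytes = 256 bits, 64 hex chars
}

$id     = uniqid();
$fields = decode_uniqid($id);
printf("uniqid()           : %s\n", $id);
printf("decoded clock      : %s.%06d UTC\n",
    gmdate('Y-m-d H:i:s', $fields['unix_time']), $fields['microseconds']);
printf("server clock       : %s UTC\n", gmdate('Y-m-d H:i:s'));

$withEntropy = decode_uniqid(uniqid('', true));
printf("more_entropy tail  : %s\n", $withEntropy['extra']);

// md5() is deterministic: the digest can take no more values than its input can.
printf("md5(mt_rand()) has at most %d distinct outputs\n", mt_getrandmax() + 1);

$token = new_token();
printf("random_bytes token : %s\n", $token);

// Compare a presented token in constant time (here against itself, as a demo).
var_dump(hash_equals($token, $token));
```

The decoded clock matches the server clock to the second, which is why wrapping uniqid() in md5() changes the token's appearance but not how many values it can take.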
