Home/ Questions/Q 8484121
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-10T20:17:30+00:00

I have been writing some software that uses a random string to create a

  • 0

I have been writing some software that uses a “random” string to create a confirmation key hash for use in a URL. Trying to make it so the end user does not see the ID number of the request. For some time I have been using the crypt code on: http://blog.kevburnsjr.com/php-unique-hash which uses some golden primes and I am hashing the ID number of the request. My problem is that this 5 character hash is now being duplicated since switching from a 32 bit server to a 64 bit server.

Contemplating switching over to a base 36 encoding but this has the potential after 1 million entries to duplicate itself again. Not that I am planning on having 1 million entries but who knows. (Already up to 9600 entries after 3 years).

What would be the best way to create a “hash” to hide the main ID number of the request that would create a collision free environment?

At this point I am not worrying about length even though if it is 5 characters it could create collisions with what is there now.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    See one of the few useful PHP manual comments: http://www.php.net/manual/en/function.uniqid.php#94959 which generates a UUIDv4 compliant identifier.

    function v4()
{
    return sprintf('%04x%04x-%04x-%04x-%04x-%04x%04x%04x',

      // 32 bits for "time_low"
      mt_rand(0, 0xffff), mt_rand(0, 0xffff),

      // 16 bits for "time_mid"
      mt_rand(0, 0xffff),

      // 16 bits for "time_hi_and_version",
      // four most significant bits holds version number 4
      mt_rand(0, 0x0fff) | 0x4000,

      // 16 bits, 8 bits for "clk_seq_hi_res",
      // 8 bits for "clk_seq_low",
      // two most significant bits holds zero and one for variant DCE1.1
      mt_rand(0, 0x3fff) | 0x8000,

      // 48 bits for "node"
      mt_rand(0, 0xffff), mt_rand(0, 0xffff), mt_rand(0, 0xffff)
    );
}

    Note that mt_rand isn’t great, and you might prefer using openssl_random_pseudo_bytes in its place.

    • 0