http://roshankulkarni.info/?p=3

This was used on a distributed application with about 4 PHP servers and a few million database records. The application was not very mission critical.

While this scheme is not cryptographically secure – it worked well in our scenario and offered a good key distribution and a low collision probability.

mt_srand( intval( microtime( true ) * 1000 ) );
$b = md5( uniqid( mt_rand(), true ), true );
$b[6] = chr( ( ord( $b[6] ) & 0×0F ) | 0×40 );
$b[8] = chr( ( ord( $b[8] ) & 0×3F ) | 0×80 );
return implode( ‘-’, unpack( ‘H8a/H4b/H4c/H4d/H12e’, $b ) );

I’ve included a time-based seeding of RNG, which might be relocated to a separate method as it isn’t intended to be done that frequently as on each call for generating another UUID but once a runtime …

Thanks again for your comment

To quote Wikipedia:

“The probability [of generating a duplicate UUID] also depends on the quality of the random number generator. A cryptographically secure pseudorandom number generator must be used to generate the values, otherwise the probability of duplicates may be significantly higher.”

This function has no proof that it meets the standards for a “cryptographically secure pseudorandom number generator”. It also doesn’t conform to any of the Version 1 thru 5 method of generating a string with sufficient randomness.

In other words, the chances of generating duplicate UUIDs may be unacceptably high when using this function.

Thanks for the heads up, but the poster at php.net has fundametally misunserstood what a hash collision is or means – a hash collision is where the chances of finding two different input strings which produce the same hash are reduced enough to (arguably, in theory only) warrant implementing the vast computing power necessary to do so, and offers no guarantees as to the clashing string’s usefulness in any security context. As security holes go, md5 clashes receive rather more press than they deserve.

A UUID (wikipedia) is a 16-byte (128-bit) number. The number of theoretically possible UUIDs is therefore 216*8 = 2128 = 25616 or about 3.4 × 1038. This means that 1 trillion UUIDs would have to be created every nanosecond for slightly more than 10 billion years to exhaust the number of UUIDs.

Whilst a Crptographicall Secure Pseudo Random number Generator is recommended for generating UUIDs, I’d hedge a bet that if you were to make up the UUIDS for a database of 100M entries yourself from imagination alone, we’d be pretty safe against clashes

just a quick fix:
- $chars = md5(uniqid(rand()));
+ $chars = uniqid(md5(rand()));

thanks for a quick function to make uuids.