random_string('unique') not unique

[eluser]moksahero[/eluser]
Friend of mine pointed out the fact that random_string('unique') in string helper is not actually unique. His reasoning was that random_string('unique') uses md5 hash and it is limited to 128bit hash value.

http://en.wikipedia.org/wiki/MD5#cite_note-0

Having only 128bit for hash means that there could be the same md5 hash returned for every once in (2^128)/2 times random_string('unique') is called (which is a very small possibility but it is possible)

After my friends' advise I decided to switch back to PHP's native uniqueid() function which uses micro seconds.

I think this should be mentioned in the user guide. What does everybody here think??

[eluser]Michael Wales[/eluser]
Agreed - it's not guaranteed random, I think the hashing is merely to guarantee it will be a 32-character string. You should always establish a UNIQUE key within your database, to confirm that an entry is unique when you expect it to be.

Or - you could just write your own random_string() function and use sha1() - a lot of different options here, uniqid() being the best, in my opinion.

[eluser]hvalente13[/eluser]
Hi,

I read this and found it very useful... It's a useful voice

http://codeigniter.com/news/codeigniter_...ew_davies/