Generating unique Base 62 encoded strings

This scares me.<p>&#62; I could run it out to md5 and trim the first n chars but that’s not going to be very unique.<p>What? MD5 going to be orders of magnitude better than what he's given.<p>&#62; Storing a truncated checksum in a unique field means that the frequency of collisions will increase geometrically as the number of unique keys for a base 62 encoded integer approaches 62^n.<p>Well, duh. That's a given. And his solution won't do any better.<p>&#62; I’d rather do it right than code myself a timebomb.<p>Doing it right would be using a real hash. Not something you came up with over a cup of coffee.<p>&#62; Pretty random-looking, huh?<p>If that's his idea of testing for randomness... Use any randomness test and I guarantee you MD5 will preform better and faster.<p>&#62; This is a minimum security technique.<p>This is the best piece of advice in the whole piece. Please never ever use this for something you want to be secure. I haven't tried to break it (maybe I'll do that over the weekend), but giving it a first glance I would be willing to bet anyone with some skill would be able to do so.<p>"Anyone, no matter how unskilled, can design an algorithm that he himself cannot break." -- Bruce Schneier

&#62; $dec = ($num * $prime)-floor($num * $prime/$ceil)*$ceil;<p>This looks like a clumsy way to implement modulus multiplication. My php is (thankfully) rusty, but it looks like an affine cipher with a fixed key?<p>If it is, a user can obtain two consecutive "hashes" and calculate past and future hashes. If they know the corresponding plaintext for a single hash, they can calculate arbitrary hashes.

Why wouldn't you run MD5 with binary output, then convert the output to base 62? That's ~21 digits in base 62 and doesn't require figuring out your own hashing function.

&#62; I chose primes near the golden ratio to maximize the appearance of randomness.<p>Anybody know what this appearance of randomness is?

On a related note, I've been trying to figure out a way to encode MongoDB ObjectIDs ( a 24-char hex string, like `"4d82a373aeb4b69aec000001"` ) into a shorter Base64 string usable in URLs (eg, `/posts/{id}` ). The problem is, it still takes a 16-char Base64 to represent the same number as a 24-char hex string, and the Base64 one is even uglier.<p>I've been contemplating a way to generate my own ids, similar to this, but was running into trouble on how to make sure its always generated unique, on distinct machines.