You are absolutely correct, from RFC 1321:

...It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest...

So, just using the MD5 algorithm means that there is no gaurantee of a unique message digest. ;-)

For something such as a session id for a web script, this is usually sufficient. To resolve your argument, you could add more text until you are reasonably certain that your entropy message is not reproducible:

...
while(<LINES_OF_TEXT>) {
  $md5->add($_);
}
...
[download]

...the downside is that it takes longer to compute.

One way to gaurantee that the number is unique for that 'insert' statement is to have that database generate the number either from a sequence or stored procedure.

I was just trying to keep it simple and sufficient. :-)

--
hiseldl
What time is it? It's Camel Time!