Technically, that could work. As long as you're not going
to have 32K sessions per second, that seems fairly unique.
Problem is, I believe the poster wanted random. There's many ways
you could run into race conditions in this case. I say it
depends on the application as to the source of randomness
and uniqueness. For example, if using a database that
supports sequences, you could MD5-encrypt a sequence
number with a random password, and that'd be both unique
and random, as well as fairly simple. Without more
information, it's difficult, though.
Update: Double posted; this should be under this node instead.
Update2: Second post had MD5 note added whereas first didn't.