Unique text field in MySQL and php

Question

I've created a salt using; md5(rand(0,10000000)); (there is probably a better way?)

There doesn't seem to be possible to make a text field unique in MYSQL. So how do I check if the salt has already been used for a previous user?

Or should I generate the salt based on the current date/time? as it is impossible for 2 users to register at exactly the same time correct?

Answer 1

For a salt, uniqueness is more important than length and predictability. You assume the attacker has the salt.

A universally unique identifier (UUID) would be best, and there are examples that generate universally unique identifiers on the doc page for the php uniqueid() function. A UUID has the advantage over a random string in that it's human readable and a fixed length, therefore you can store it in a varchar field and use a unique index to ensure there aren't ever duplicates.

Hashing the time with MD5 is a common method to generate unique values because it has a fixed length and is human readable. However, it makes more sense just to generate a fixed length random string and encode it into hex yourself. Hashes aren't designed for uniqueness so much as they're designed not to be reversible. Using a hashing function guarantees collisions, though there will be less collisions with SHA1 than MD5.

The length of the salt is really only a factor because the longer the salt, the more likely it is to be universally unique.