What is the benefit of a "random" salt over a "unique" salt?

Question

I am currently writing a program and part of it involves securely creating password hashes to store in a database and I came across the phpass framework, which seems to be highly recommended. In phpass, they seem to go through great lengths to produce a salt that is as truly random as possible to be used for the hashes (e.g. reading from /dev/urandom).

My question is, what is the benefit of doing this as opposed to simply using uniqid()? Isn't the point simply to make sure that the salts used for the hashes are different from each other rather than random? Wouldn't using a truly random salt actually be worse than using a unique salt since it could potentially produce collisions while uniqid() won't?

Edit: My question wasn't about whether or not "true" randomness exists in computer environments, so maybe I misphrased it a bit, however my question was more along the lines of whether a "more" random salt has any benefit over more uniqueness as a salt.

Answer 1

I'm trying to find references to some precedents of exploits (and struggling!), but the idea of a cryptographically random salt as opposed to a random value such as produced by uniqid() is to help protect against attacks on the encryption scheme by way of the ciphertext. A salt with a predictable pattern - such as a unique ID - generated by a pseudo-random number generator takes some of that variability out of the ciphertext and of course, in cryptography, unpredictability is what you're looking for.

Certainly if a cryptographically-secure random number generator is available to you in your framework of choice (i.e. RNGCryptoServiceProvider in .NET), you'd opt for this over more predictable patterns. I'll see if I can find some good precedents or white-papers on this.