Just a little comment about hashes. I want to second roboslug and say that there's no use in using cryptographically-strong hash unless there're chances for your users to enter ID (think session ID in URL). These functions are usually computationally-hard (and usually by design) and add nothing from the point of randomness (and therefore uniqueness) to your ID.

But beware of users guessing your time()-based IDs in URLs (or even cookies).