in reply to Re: MD5-based Unique Session ID Generator
in thread MD5-based Unique Session ID Generator

I hadn't thought of doubling the md5_hex operations -- nice tip, thank you.
I am no crypto expert, but from what I know, it's not really any stronger than if you didn't do it this way. Using MD5 and different text each time, it is highly unlikely that you will find a collision actually, that is just the nature of MD5 and hashing algorithms in general.
It's not MD5 use that causes issues -- it's the random data that one is hashing. If the text is always different, great -- but on systems with poor PRNGs (Win2k springs to mind), I have gotten MD5 collisions based on the fact that outputs weren't random enough - MD5 the same text twice, and you get the same digest each time. With the same algo above, except s/2345678/2345/, I had 11 collisions in 20,000 generated sessions. Not Good™.

Again, though, I will have to try your much faster (and shorter) method and see if I get good results with a poor PRNG -- thanks!

  • Comment on Re^2: MD5-based Unique Session ID Generator
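An added example, not code from this thread: it counts repeated session IDs when the digest input comes from a small random space, with one and with two md5_hex passes, and compares that with IDs read straight from the OS CSPRNG. The 15-bit source is a constructed stand-in for a weak PRNG, and /dev/urandom assumes a Unix-like host.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Count how many IDs in a batch of $n repeat one that was already issued.
sub count_duplicates {
    my ($make_id, $n) = @_;
    my %seen;
    my $dups = 0;
    for (1 .. $n) {
        $dups++ if $seen{ $make_id->() }++;
    }
    return $dups;
}

# Constructed weak source (assumption): only 2**15 possible inputs, so
# only 2**15 possible digests, however good the hash is.
sub weak_id { return md5_hex( int rand 2**15 ) }

# A second md5_hex pass maps equal inputs to equal outputs again, so the
# number of distinct IDs cannot grow.
sub weak_id_doubled { return md5_hex( md5_hex( int rand 2**15 ) ) }

# 128 bits from the kernel CSPRNG, hex-encoded. No hashing is needed:
# the uniqueness comes from the input, not from MD5.
open my $urandom, '<:raw', '/dev/urandom'
    or die "cannot open /dev/urandom: $!";

sub strong_id {
    my $got = read $urandom, my $buf, 16;
    die "short read from /dev/urandom"
        unless defined $got && $got == 16;
    return unpack 'H*', $buf;
}

my $n = 20_000;    # same batch size as the test described in the post

srand(42);         # fixed seed so the weak run is repeatable
printf "%-18s %d duplicates\n", 'weak, one md5:',
    count_duplicates( \&weak_id, $n );

srand(42);         # same seed: same inputs as the run above
printf "%-18s %d duplicates\n", 'weak, two md5:',
    count_duplicates( \&weak_id_doubled, $n );

printf "%-18s %d duplicates\n", 'os csprng:',
    count_duplicates( \&strong_id, $n );

close $urandom;
```

With the same seed, the two weak runs report the same duplicate count, because the second digest is a function of the first.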

Re^3: MD5-based Unique Session ID Generator
by stvn (Monsignor) on Aug 19, 2004 at 22:19 UTC
    Again, though, I will have to try your much faster (and shorter) method and see if I get good results with a poor PRNG -- thanks!

    Just FYI, see my reply/discussion above with pelagic regarding the use of the added "{}". This bit of it may or may not provide any benefit.

    -stvn