Forum Discussion
Kevin_Stewart
Feb 16, 2013Employee
I guess it depends on how globally unique you want the value to be. MD5 isn't considered a secure hashing algorithm anymore because it's been computationally proven to allow collisions. That said, the number of iterations it'd likely take to produce an MD5 collision versus the number of user session you're prepared to support probably makes it a reasonable choice.
And for what it's worth, a single AES operation is no better or worse than the two you're using, and likely less intensive to produce.