I had the need for creating a link in an e-mail which should have had an unique identifier appended to it.
I did not want to use a numeric ID as it would have been to easy to “play” with and thus possibly creating information leakage further down the line.
I rather wanted to create a random looking string which isn't easy to tamper with while still being “roomy” enough for millions of valid hashes with even vaster empty space between - collision resistance is the key here. One other objective is it being not too lengthy, maybe even feasible to type in if there is no link handler registered in the e-mail application.
What I was looking for is something similiar to Youtube's video ID, e.g. http://www.youtube.com/watch?v=gD6slQbhF5c (damn - video not available when you're from Germany, use http://www.dailymotion.com/video/xot23_shakira-no_music instead )
One approach is to create a unique ID and get the MD5 value, then rebasing from hexadecimal base16 to base64.
In PHP, that's rather easy to do, all one has to do is use pack and base64_encode. In this example, the unique ID is created concatenating a numeric ID and a passphrase.
echo md5('123456secret'); 992f3c4e7ec9a0e96173284c816612bd
To rebase the MD5 sum from hexadecimal base16 to base64 and making it shorter and less looking like MD5 -
echo base64_encode(pack('H*', md5('123456secret'))); mS88Tn7JoOlhcyhMgWYSvQ==
To convert the hash back to the original hexadecimal expression, use
print_r(unpack('H*', base64_decode('mS88Tn7JoOlhcyhMgWYSvQ=='))); Array (  => 992f3c4e7ec9a0e96173284c816612bd )
An alternative might be the encryption of a numeric ID and rebasing this to anything from base16 to base64. An example might follow.