Convergence is possible but very VERY unlikely. Weaknesses have been exposed in MD5 that allow convergences to be found more easily, but that isn't an issue here - that's to get around password encryption. You can't easily alter your IP address, and the other two parameters are outside of your control.
As an example:
http://www.megla.net/unique.php
PHP Code:
<?php
if ($_SERVER['HTTP_X_FORWARDED_FOR'] == NULL) $ip = $_SERVER['REMOTE_ADDR'];
else {
$source = $_SERVER['HTTP_X_FORWARDED_FOR'];
$pattern = "/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/";
preg_match($pattern, $source, $matches);
$ip = $matches[0];
}
$timestamp = time();
$myrandom = rand(10000000,99999999);
echo $ip . " + " . $timestamp . " + ". $myrandom . "<br />";
$unique = md5($ip . $timestamp . $myrandom);
echo "MD5 ID (hex) = $unique <br />";
echo "MD5 ID (dec) = " . base_convert($unique, 16, 10);
?>
The stuff at the top is there to get the real IP if you are going through a proxy (and the proxy is correctly forwarding it), including a regular expression to get it out of the string. If there is nothing in the field, it takes the standard remote address to be the IP address. This may either be your IP if you're directly connected, or the IP of an anonymous proxy (one which doesn't fill in the FORWARD field).