The hash isn't a random value (Edit - well, maybe it is). Look in payments.php to see how it's calculated.
I'm not sure, but I think maybe in this case the reason for a hash is to generate a unique id for the payment that can't be guessed (if you just used increasing integers for an id it would be easy to guess). ETA...in which case, now that I think about it, random values might work just as well as long as they're unique.
|