
Creating a unique yet ordered order number for a customer's order

In my Java app I need to generate a unique order number for a customer's order. I thought the time of creation of the order is a good enough unique value. Two orders cannot be created at the same second. To prevent others from using the order number by guessing some creation time value, I appended a part of the hash of the creation time string to it and made it the final order number string.

Is there any unseen pitfall in this approach? Creating the order number based on the time of creation was intended to give some sort order for the created orders in the system. The code is given here:

    import java.math.BigInteger;
    import java.security.MessageDigest;
    import java.security.NoSuchAlgorithmException;
    import java.text.DateFormat;
    import java.text.SimpleDateFormat;
    import java.util.Date;

    public static String createOrderNumber(Date orderDate) throws NoSuchAlgorithmException {
        DateFormat df = new SimpleDateFormat("yyyyMMddHHmmss");
        String datestring = df.format(orderDate);
        System.out.println("datestring=" + datestring);
        System.out.println("datestring size=" + datestring.length());
        // SHA-1 digest as a hex (radix 16) string; 40 characters in the sample output
        String hash = makeHashString(datestring);
        System.out.println("hash=" + hash);
        System.out.println("hash size=" + hash.length());
        int datestringlen = datestring.length();
        // order number = 14-character timestamp + hex characters 14..18 of the hash
        String ordernum = datestring + hash.substring(datestringlen, datestringlen + 5);
        System.out.println("ordernum size=" + ordernum.length());
        return ordernum;
    }

    private static String makeHashString(String plain) throws NoSuchAlgorithmException {
        // Despite its name, this constant is the radix passed to BigInteger.toString
        final int MD_PASSWORD_LENGTH = 16;
        final String HASH_ALGORITHM = "SHA1";
        String hash = null;
        try {
            MessageDigest md = MessageDigest.getInstance(HASH_ALGORITHM);
            md.update(plain.getBytes());
            // BigInteger.toString drops leading zeros, so the result can be shorter than 40 characters
            BigInteger hashint = new BigInteger(1, md.digest());
            hash = hashint.toString(MD_PASSWORD_LENGTH);
        } catch (NoSuchAlgorithmException nsae) {
            throw nsae;
        }
        return hash;
    }

A sample output is

datestring=20110924103251
datestring size=14
hash=a9bcd51fc69d9225c5d96061d9c8628137df14e0
hash size=40
ordernum size=19
ordernum=2011092410325125c5d


One potential issue can arise if your application runs on a cluster of servers. In this case, if it happens that this code is executed simultaneously in two JVMs, the same orders will be generated.

If this is not the case, the unique order number generation based on dates sounds OK to me. I didn't really understand the meaning of the hash here. I mean, from the cryptography point of view it doesn't really add security to your code. If a "malicious" client guesses the order number, it's enough to know that the SHA1 hash is applied; the algorithm itself is known and may be applied to determine the order number.

Hope this helps


If a unique number is needed, it should always come from a third-party system which is common, and the receiving/calculating method should be a synchronized method where this will happen sequentially, or it can be generated through a database system, which will almost always be unique.
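
The points raised in the two answers above, as an added example that is not code from the original posts: the unkeyed SHA-1 suffix can be recomputed from the timestamp by anyone, an HMAC tag under a server-side key cannot, and a shared sequence keeps same-second orders distinct. The class name `OrderNumbers`, the `AtomicLong` standing in for a database sequence, the 6-digit sequence field and the 16-character tag length are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.concurrent.atomic.AtomicLong;

public class OrderNumbers {
    // Stand-in for a database sequence shared by every server (assumption).
    private static final AtomicLong SEQUENCE = new AtomicLong();

    private static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }
    // Scheme from the question: the suffix is a pure function of the timestamp.
    static String unkeyedOrderNumber(String ts) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-1").digest(ts.getBytes(StandardCharsets.UTF_8));
        return ts + hex(d).substring(14, 19);
    }
    // Keyed tag: only a holder of the server-side key can compute it.
    static String tag(String body, byte[] key) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return hex(mac.doFinal(body.getBytes(StandardCharsets.UTF_8))).substring(0, 16);
    }
    // Timestamp keeps the sort order; the sequence makes same-second orders distinct.
    static String keyedOrderNumber(String ts, byte[] key) throws Exception {
        String body = ts + String.format("%06d", SEQUENCE.incrementAndGet() % 1_000_000);
        return body + tag(body, key);
    }
    static boolean verify(String orderNumber, byte[] key) throws Exception {
        if (orderNumber.length() != 36) return false; // 14 + 6 + 16 characters
        byte[] expected = tag(orderNumber.substring(0, 20), key).getBytes(StandardCharsets.UTF_8);
        byte[] given = orderNumber.substring(20).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, given); // constant-time comparison
    }
    public static void main(String[] args) throws Exception {
        String ts = "20110924103251"; // timestamp from the question's sample output
        System.out.println("unkeyed: " + unkeyedOrderNumber(ts));
        byte[] key = new byte[32];
        new SecureRandom().nextBytes(key); // demo key; a real one comes from a secret store
        String first = keyedOrderNumber(ts, key), second = keyedOrderNumber(ts, key);
        System.out.println(first + " valid=" + verify(first, key));
        System.out.println(second + " valid=" + verify(second, key));
        String altered = "20110924103252" + first.substring(14); // timestamp changed, tag kept
        System.out.println(altered + " valid=" + verify(altered, key));
    }
}
```

A valid tag only shows that the server issued the number; access to an order should still be checked against the authenticated customer.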
