This change record simply emphasizes a standard for writing secure code that has been documented and in place since Drupal 7. See https://www.drupal.org/docs/7/security/writing-secure-code-0/use-of-hash....
As a reminder, any time you need a hash or hmac, use on of the core methods.
- Drupal 8
\Drupal\Component\Utility\Crypt::hashBase64()
-
Drupal 7
drupal_hash_base64()
drupal_hmac_base64()
In the very rare case you must have a shorter hash value, use a substring of the core hash at least 22 characters long (132 bits). There is almost never a reason this is needed.
If you need a unique value that should not collide with previously generated values, you may want to use http://php.net/manual/en/function.uniqid.php.