Hashes are not best things for security, and i wouldn't recommend it in most cases.
But in this case there is a difference:
All SSID's are absolute nonsense (I mean they are random) so If you add needed salt to make your
salt.length + $userId.length
more than 32 characters (to be on the safe side, make it more than 128 chars), it's logically impossible to decrypt the hash. decrypting it would be like remaking a file from its hash! which is impossible
To make things easier, here is the code you need:
function YourNewHashMaker($str)
{
return sha1(md5("Some Random Salt".$str).$str."Another Random Salt!".sha1("This one is too much".$str));
}
Use it like this:
YourNewHashMaker($userId);
Only security hole here, is the possibility that someone steals your code, and starts to make a rainbow table, which is a REALLY hard thing to do. and also the same security hole of all other hashes.
Edit: Remember, whatever idea you are having to make your own hashmakers, remember that output string must be generated by an approved algorithm. in other words, Do not add anything before or after 'sha1(....)' , just inside of the function.
Hope It Helps.