The generating a random number bit is the key to this. There is support for random number generation in PHP but it is not a feature of eCart. We do have a tool that will create a random value that fits your specs, it is Security Assist. With this too you would use the 'random password' binding to generate a random string.
You may also be able to use the session id since it should be random but I don't think this is the most secure way to go.
The idea is that you would generate this random number during the checkout and store it in a session variable. You can store the number in your order details table to record it. You would then sent it out in an email to the user. Our Universal Email tool can handle the creation of the emailing script for you on this. Here is some more info about both of these tools: