Manual:$wgSecretKey

Details
This should always be customized to a secret, unique string in LocalSettings.php. Installer.php sets it to a 64-character random string generated by

When no better sources of entropy are available to MediaWiki, this value is used as a source of cryptographic entropy when generating user_tokens to insert into the users table which is used as a persistent cookie for authentication (when a user checks "Remember my login on this browser") that is resilient to spoofing. On modern PHP versions with access to /dev/urandom, mcrypt random, or openssl random, these functions are used in lieu of this variable.

$wgProxyKey
From 1.3 to 1.4, $wgProxyKey was the documented setting for this. In 1.4, this was marked as deprecated in favor of $wgSecretKey.