Manual:$wgSecretKey

Details
This should always be customized to a secret, unique string in .

 sets it to a 64-character random string generated by  

When no better sources of entropy are available to MediaWiki, this value is used as a source of cryptographic entropy when generating s to insert into the  table which is used as a persistent cookie for authentication (when a user checks "Remember my login on this browser") that is resilient to spoofing.

On modern PHP versions with access to /dev/urandom, mcrypt random, or openssl random, these functions are used in lieu of this variable.

$wgProxyKey
From 1.3 to 1.4, $wgProxyKey was the documented setting for this.

In 1.4, this was marked as deprecated in favor of $wgSecretKey.

In 1.24, $wgProxyKey was removed (yes, it really did take almost 10 years to remove).