This repository was archived by the owner on Jun 24, 2025. It is now read-only.
This repository was archived by the owner on Jun 24, 2025. It is now read-only.
Consider Cuid2 support? #41
Description
Cuid2 is a secure id generator that may be better than UUID for this use case.
Cuid2 is:
- Secure: It's not feasible to guess the next id, existing valid ids, or learn anything about the referenced data from the id. Cuid2 uses multiple, independent entropy sources and hashes them with a security-audited, NIST-standard cryptographically secure hashing algorithm (Sha3).
- Collision resistant: It's extremely unlikely to generate the same id twice (by default, you'd need to generate roughly 4,000,000,000,000,000,000 ids (
sqrt(36^(24-1) * 26) = 4.0268498e+18) to reach 50% chance of collision. - Horizontally scalable: Generate ids on multiple machines without coordination.
- Offline-compatible: Generate ids without a network connection.
- URL and name-friendly: No special characters.
- Fast and convenient: No async operations. Won't introduce user-noticeable delays. Less than 5k, gzipped.
- But not too fast: If you can hash too quickly you can launch parallel attacks to find duplicates or break entropy-hiding. For unique ids, the fastest runner loses the security race.
UUID V4 relies purely on pseudorandom entropy (even the "cryptographically secure" version - see Cuid2 docs), and has historically had collision problems, which could lead to duplicate request ids.