by user5994461 3072 days ago
>>> The short answer is: don't overthink it. Do the simplest thing that will work: use 16+ byte random keys read from /dev/urandom and stored in a database. The cool-kid name for this is "bearer tokens".

Please don't reinvent the wheel and use a GUID.

A GUID is a random number generator to avoid collisions.

3 comments

If you are getting collisions from 128-bit (and up) numbers coming out of a system CSRNG, your service is likely to be meaningfully affected by bigger problems like plate tectonics and lunar orbital decay.
Not all GUIDs are random, and not all random GUIDs are cryptographically random: https://en.wikipedia.org/wiki/Universally_unique_identifier#...
GUIDs are NOT random. They are unique (the 'U' in GUID).
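
Added example, not part of the thread: the replies' point about GUID versions, shown with Python's standard `uuid` module next to the 16-byte random token the quoted advice recommends. The function names and the sample node value are assumptions made for this illustration.

```python
import secrets
import uuid
from datetime import datetime, timedelta, timezone

# Version 1 UUIDs count 100-ns intervals from 1582-10-15 (RFC 4122).
UUID_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)


def new_bearer_token(nbytes: int = 16) -> str:
    """Hex token of nbytes from the OS CSPRNG (what /dev/urandom exposes)."""
    if nbytes < 16:
        raise ValueError("use at least 16 random bytes")
    return secrets.token_hex(nbytes)


def describe_uuid(u: uuid.UUID) -> dict:
    """Report what a UUID's layout says about its contents."""
    info = {"version": u.version, "random_bits": 0}
    if u.variant != uuid.RFC_4122:
        return info  # e.g. the nil UUID: no version, nothing random
    if u.version == 1:
        # Timestamp and node are structured fields, readable by anyone
        # who sees the value.
        info["created"] = UUID_EPOCH + timedelta(microseconds=u.time // 10)
        info["node"] = f"{u.node:012x}"
        info["clock_seq"] = u.clock_seq
    elif u.version == 4:
        # 122 bits are generator output; the format does not say whether
        # that generator was a CSPRNG.
        info["random_bits"] = 122
    return info


if __name__ == "__main__":
    # Constructed sample: node value chosen for the demo, not a real MAC.
    v1 = uuid.uuid1(node=0x001122334455, clock_seq=7)
    print("v1:", v1, describe_uuid(v1))
    v4 = uuid.uuid4()
    print("v4:", v4, describe_uuid(v4))
    print("token:", new_bearer_token())
```
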