[mayanklahiri]

You don't even need to go that far. For non-critical applications (i.e., your web app), you can randomly generate a small string, say 12 bytes, using base-62 characters (A-Za-z0-9) to serve as a probably unique user ID (with VERY high probability).

[wahnfrieden]

Heard of GUIDs? Make part of it a timestamp, and the chance of collisions goes down astronomically further.

[mayanklahiri]

In some cases, including a timestamp in an ID can be giving away information considered private. Sure, you could just hash the resultant ID, but then you're getting back to random digits anyway.