Generating a UUID, hashing it with a good cryptographic hash algorithm, and then taking a substring of the hash value would be the closest you’d get to globally unique there.

SHA-1, for example, is 160 bits over a 128-bit UUID, so theoretically the pigeonhole principle would be okay there given the various cascading effects of the hash. The substring, obviously, would be a smaller space but all of the bits should be more-or-less equally random so the chance of collision would be proportional to the number of bits only, unlike substrings of a raw UUID.

Now, at that point there’s essentially no difference from generating an 8-byte random number with a sufficiently good RNG, but it’s a fun thought exercise.

There is a difference - compute time. The random number generator can run out of randomness and stall until more randomness is supplied, so it is best to keep it simple and use a system-supplied random number with code that has a predicable number of calls to it, or (probably better), avoid using the random number generator at all and simply use a key that is incremented from a known starting point and encoded to a consistent length (e.g., to hexadecimal).

Generating a UUID, hashing it with a good cryptographic hash algorithm, and then taking a substring of the hash value would be the closest you’d get to globally unique there.

SHA-1, for example, is 160 bits over a 128-bit UUID, so

theoreticallythe pigeonhole principle would be okay there given the various cascading effects of the hash. The substring, obviously, would be a smaller space but all of the bits should be more-or-less equally random so the chance of collision would be proportional to the number of bits only, unlike substrings of a raw UUID.Now, at that point there’s essentially no difference from generating an 8-byte random number with a sufficiently good RNG, but it’s a fun thought exercise.

There is a difference - compute time. The random number generator can run out of randomness and stall until more randomness is supplied, so it is best to keep it simple and use a system-supplied random number with code that has a predicable number of calls to it, or (probably better), avoid using the random number generator at all and simply use a key that is incremented from a known starting point and encoded to a consistent length (e.g., to hexadecimal).