ai / nanoid

A tiny (124 bytes), secure, URL-friendly, unique string ID generator for JavaScript
https://zelark.github.io/nano-id-cc/
MIT License

All monotonically increasing (auto-increment, k-sortable), and timestamp-based ids share the security issues #420

Closed DaRabus closed 1 year ago

DaRabus commented 1 year ago

Hey Guys,

Just checking here if nanoid() is safe to use, or is it also affected by these security issues?

https://github.com/paralleldrive/cuid

ai commented 1 year ago

This is why Nano ID is using a hardware random generator to have unguessable IDs. Just don't reduce the ID length and keep some timeout between tries.