cuid.slug 2 characters never change

[dwelle]

cuid.slug() uses 2 chars from browser fingerprint as a constant (4th & 5th character) that never changes, largely decreasing slug's entropy.

Shouldn't the algo be changed so it's using up all 7 characters ~equally?

[ericelliott]

No. Fingerprints are important to avoid collisions in distributed id creation. For example, right now I have two nearly identical macbooks running side-by-side.

One of them has the fingerprint ox. The other has ym.

Additionally, slugs should ONLY be used for situations where collisions are unlikely and non-critical, like URL disambiguation. For example, if I attempt to slugify "My Blog Post" on each of my machines, here are the results:

• Macbook 1: my-blog-post-hc1oxo1
• Macbook 2: my-blog-post-1dqym2z

If you need more entropy and stronger collision guarantees than slug provides, use a full cuid.