ericelliott
commented
4 years ago CUID uses cryptographically secure random number generation when it's available, but falls back on Math.random() when it's not. The former is likely to compare favorably with /dev/urandom. Math.random() is not a CSRNG, but cuid is still very unlikely to collide due to the fact that it combines the random number with the current system time in ms and a pseudo-unique host fingerprint.
Is CUID proven to be more collision resistant than /dev/(u)random that is part of *nix operating systems?