Expanding on my thread, it’s been nagging me that the random tail on small key sortable unique IDs (KSUID) might not provide as much protection vs collision as I’d trusted. Segment were able to throw bits at the problem, but I needed to pack my identifiers in smaller spaces.
After sparing 32 bits for the timestamp I might have room for only 32, 40, or 96 random bits. There’s that cryptographers’ rule of thumb about collision needing half the bit count… but how likely is it we’ll get at least one collision?
My math being a bit rusty, I decided to brute force it (birthday.exs
). I didn't like my results.exs
:
- 39% failure for 2¹⁶ random choices from 2³² possible keys (3443 rounds)
- 45% failure for 2²⁰ random choices from 2⁴⁰ possible keys (163 rounds)