I want to allow untrused clients to create fairly short IDs, but enforce that they aren't human-meaningful (e.g. "l34fa75ljasd" is OK but "canada-is-evil" is not).
One approach to doing this would be to have the client create a value, hash it, and then use the hashed value as the ID (first suggested in this question).
I'm not sure what the best way to implement this is though.
The simplest approach I can think of would be for the client to create a random string, hash it with something like blake2b, base64 encode the result, and then truncate it down to the desired number of digits.
This approach seems to have problems though -- it might be easy to cause the first part of the hash (though not the whole thing) to collide with a desired string. Using the whole output of the hash as the ID would remove this problem, but it would conflict with our original goal of the results being fairly short. Also, I'm not sure how long the value that's provided as the hash function's input should be.
Could someone with more crypto expertise weigh in on the correct way to implement a system like this? My goal is for the resulting ID to be 128 base64 encoded bits, so 22 characters. I'd also like the results of the hashes to be spread evenly over that space so the IDs can be used as global identifiers without an increased chance of conflicts (if possible).
