> Something I don't understand: how are UUIDs not safe given that they are probably better than 99.9999% of passwords generated by users?

UUIDs are 128 bits. Which is beat by a 5 character a-z random string.

It's certainly possible that they're better than the median password - especially if there isn't a check against a common password list. But it's pretty easy for user chosen passwords to be much, much better.

I strongly doubt that your 6 9s estimate is accurate.



> UUIDs are 128 bits. Which is beat by a 5 character a-z random string.

A sibling gives the actual math that shows how wrong this is, but this doesn't even pass the most rudimentary sniff test. The most common encoding for a lowercase string would be in 8 bits per character, so a 5 character string can get you at most to 40 bits.

And that's assuming you allowed every one of the 256 possible characters. You're restricting it down to 26 characters.

EDIT: I was curious, so I checked. Even if you allowed every current Unicode character, 5 characters only gets you to ~86 bits of entropy:

log2(149186^5) ~= 85.9

As for the original 6 nines claim, I also calculated the entropy for a 14 character random password that allows all 62 letters+numbers plus 8 special characters:

log2(70^14) ~= 85.8

It's not until 20 characters that it matches a UUID v4. So, yeah, I'm okay with OP's 6 nines.
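The entropy arithmetic in this thread (log2 of alphabet size to the power of length, compared against the random bits in a UUID v4) as an added worked example, not code posted by any commenter. It assumes the alphabet sizes the comments use (26 lowercase letters, 128 ASCII code points, 149186 Unicode characters, 70 letters+digits+symbols) and the fact that a version 4 UUID carries 122 random bits (128 minus 4 version bits and 2 variant bits); the check against Python's uuid4() confirms that those 6 bits are fixed in practice.

```python
import math
import uuid

# A version 4 UUID is 128 bits, but the version nibble (4 bits) and the
# variant field (2 bits) are fixed, leaving 122 bits of randomness.
UUID_V4_RANDOM_BITS = 122

# Alphabet sizes as used in the thread above (assumed, for illustration).
LOWERCASE = 26
ASCII = 128
UNICODE_CHARS = 149186
ALNUM_PLUS_8 = 62 + 8


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random string: log2(alphabet_size ** length)."""
    return length * math.log2(alphabet_size)


def min_length_for_bits(alphabet_size: int, target_bits: float) -> int:
    """Smallest length whose uniform random string reaches target_bits."""
    per_char = math.log2(alphabet_size)
    length = math.ceil(target_bits / per_char)
    # Guard against floating-point rounding pushing us one short.
    while length * per_char < target_bits:
        length += 1
    return length


def uuid4_fixed_bits_hold(samples: int = 1000) -> bool:
    """Verify that every generated UUID v4 has version nibble 4 and
    variant bits 10 (RFC 4122), i.e. exactly 6 of 128 bits are fixed."""
    for _ in range(samples):
        u = uuid.uuid4()
        if u.version != 4:
            return False
        # Variant is the top two bits of octet 8: must be 0b10.
        if (u.bytes[8] >> 6) != 0b10:
            return False
    return True


if __name__ == "__main__":
    cases = [
        ("5 lowercase a-z", LOWERCASE, 5),
        ("5 ASCII chars", ASCII, 5),
        ("5 Unicode chars", UNICODE_CHARS, 5),
        ("14 chars, 62+8 alphabet", ALNUM_PLUS_8, 14),
        ("20 chars, 62+8 alphabet", ALNUM_PLUS_8, 20),
    ]
    for label, n, k in cases:
        print(f"{label:28s} {entropy_bits(n, k):7.1f} bits")
    print(f"UUID v4 random bits: {UUID_V4_RANDOM_BITS}")
    print("chars of 62+8 alphabet needed to match UUID v4:",
          min_length_for_bits(ALNUM_PLUS_8, UUID_V4_RANDOM_BITS))
    print("uuid4 version/variant bits fixed:", uuid4_fixed_bits_hold())
```

Running it reproduces the figures quoted above: about 23.5 bits for five lowercase letters, 35 for five ASCII characters, 85.9 for five Unicode characters, 85.8 for a 14-character password over a 70-symbol alphabet, and a minimum of 20 such characters to reach the 122 random bits of a UUID v4.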


128 bits are 16 bytes, which is at best a binary string of 16 characters. Remove some bits for the not random parts of the UUID and still you don't get down to 5 characters. Furthermore "a 5 character a-z random string" is less than 5 bits per character. Make them less than 6 by adding A-Z and the ten digits.

About storage, at least PostgreSQL has been using 16 bits of storage since at least version 8 many years ago.

https://www.postgresql.org/docs/current/datatype-uuid.html

https://www.jacoelho.com/blog/2021/06/postgresql-uuid-vs-tex...


A 5 character a-z random string has log2(26^5) =~ 23.5 bits of entropy, way less than 128.


The best case for a 5 ascii character password is 7 * 5 = 35 bits.
