> "Although the chance of a collision is extremely low because the random value has at least 150 bits of entropy, there is still a chance."<p>I am... speechless. I mean... Um.<p>The last time I checked, no one was able to break 128 bits of security for anything, let alone 150 bits, or for a domain validation of some domain name no one cares about.<p>This is the same attitude that has everyone deploying in-kernel code and arbitrary updates written by companies who can't get the basic QA right. The auditors and lawyers get to decide what "security" looks like.<p>It's "best to be safe".