Rudder

And use random chars directly from SecureRandom, as done for other tokens.

The current only implementation of StringUuidGenerator uses java.util.UUID.randomUUID, which in turn gets 122 bits (because a part of the uuid is not random) from java.security.SecureRandom, which is suitable for the purpose.

But this is sub-optimal for two reasons:

• It does not communicate the intent. UUID are meant to be unique, not cryptographically secure.
• The StringUuidGenerator trait does not carry any garantee about randomness, and one could easily switch implementation and produce predictable tokens.