So I have a service where you sign up for events. When you sign up, you get an email with a URL where you can sign off the event. The given parameter of the URL should be something that not anyone can guess.

I've thought of UID, but that just isn't human readable. I also thought of hashing, but I don't know if I want to use that.

Btw, I'm doing this in Java, in case you know of some nifty tools.

Any suggestions?

A: 

Use an array of fuzzy animals!!!!

Orbit
+1  A: 

If you are sending a URL inside an email, does it really need to be human readable? It's not uncommon for verification emails to contain a random string.

You can always write the email in HTML:

<a href="http://your.site/signoff?id=unguessable-random-number">Sign off here</a>

and the random bit will be hidden from the user. Of course, this might trigger spam filters so you'll need to be a bit careful.

EDIT: By the way, you probably want to use a GUID since the number should only be used once. You can hash something if you like, but whenever you are dealing with a nonce (number used once) then random is your friend.

Cameron Skinner
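
An added example, not part of either answer above: one way to produce the unguessable, single-use `id` value in Java. It assumes a 128-bit token from `SecureRandom`, URL-safe Base64 encoding, and an in-memory map standing in for the database; the class name, method names and the `https://your.site/signoff` URL are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example: class, method and URL names are hypothetical.
public class SignOffTokens {
    private static final SecureRandom RNG = new SecureRandom();
    // In-memory stand-in for a database table: SHA-256(token) -> signup id.
    private final Map<String, Long> pending = new ConcurrentHashMap<>();

    /** Creates a single-use token for a signup and returns the link to e-mail. */
    public String issueLink(long signupId) {
        byte[] raw = new byte[16];               // 128 bits from the CSPRNG
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        pending.put(sha256(token), signupId);    // store only the hash, not the token
        return "https://your.site/signoff?id=" + token;
    }

    /** Returns the signup id the first time a valid token is presented, else null. */
    public Long redeem(String token) {
        // 16 bytes encode to exactly 22 unpadded Base64 characters.
        if (token == null || token.length() != 22) return null;
        return pending.remove(sha256(token));    // remove() enforces single use
    }

    private static String sha256(String s) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256")
                                    .digest(s.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);  // SHA-256 is mandatory on every JVM
        }
    }

    public static void main(String[] args) {
        SignOffTokens tokens = new SignOffTokens();
        String link = tokens.issueLink(42L);     // 42 is a constructed signup id
        String token = link.substring(link.indexOf("id=") + 3);
        System.out.println(link);
        // Redeem twice to show that the second attempt is rejected.
        System.out.println(tokens.redeem(token));
        System.out.println(tokens.redeem(token));
    }
}
```

Keeping only the hash of the token server-side means a leaked table cannot be replayed as valid sign-off links.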