RFC: Consider adding one or two extra characters to the encoding for a checksum

[loreto]

One the top comments in the HackerNews discussion was:

I've been doing this kind of thing for years with two notable differences:
...

I add two base-32 characters as a checksum (salted of course). This is prevents having to go look at the datastore when the
value is bogus either by accident or malice. I'm unsure why other implementations don't do this.

Should we do that as part of the official TypeID spec?

[conradludgate]

checksum (salted of course)
value is bogus either by accident or malice

This is implying some cryptographic solution AFAIU (A CRC checksum won't protect from malice). I feel like a cryptographic addition to this specification would overcomplicate it considerably and add.

With adding 2 extra base32 characters, however, we have 12 bits to play with, so we can use a CRC-12 for the checksum