I know you’re reluctant to use it due to the performance loss, UUID is at least natively supported in PG and Rails 4. Given how important this piece of your system (I assume from limited knowledge) is, I think UUID is the way to go.
If you want to use the SHA, you could use a (dreaded) callback to re-hash to user data on every save. That’s one of the few scenarios where an AR callback has a nice use case.