CodeToolProCodeToolPro
GitHub
Generators·9 min read

UUID Generator Guide: Versions, v4 & How to Generate

CodeToolPro Team·

UUID Generator Guide: Versions, v4 & How to Generate

A UUID (Universally Unique Identifier) is a 128-bit label used to identify information in computer systems without a central coordinating authority. When you need a primary key that is unique across databases, services, and even companies, a UUID generator hands you one in milliseconds. Try it instantly with our UUID Generator — it runs entirely in your browser, so the identifiers never leave your machine.

This guide covers what a UUID is made of, the differences between versions v1, v4, and v5, how unlikely a collision really is, common mistakes, and when a UUID beats an auto-increment integer.

What Is a UUID Generator?

A UUID generator produces a string in the canonical 8-4-4-4-12 hexadecimal format, for example 550e8400-e29b-41d4-a716-446655440000. The 36 characters encode 128 bits of information. The third group's first digit marks the version, and the fourth group's first digit marks the variant (almost always 8, 9, a, or b for the RFC 4122 variant).

The key property is uniqueness without coordination: two machines that have never talked to each other can each generate a UUID and be confident the values will not collide in any practical timeframe.

UUID Versions Compared

Not all UUIDs are created the same way. The version decides where the bits come from.

VersionSource of bitsDeterministic?Common use
v1Timestamp + MAC addressNoLegacy, sortable by time
v3MD5 of name + namespaceYesStable IDs from a known name
v4Pure randomNoGeneral-purpose keys (most common)
v5SHA-1 of name + namespaceYesStable IDs, stronger than v3

Version 4 is the default for most modern applications: it is simply 122 bits of randomness and needs no clock or MAC address, which also avoids leaking the machine's hardware address.

The Structure of a UUID

Reading the canonical form left to right:

  • 8-4-4 — a 60-bit timestamp (v1) or random/data block (v4).
  • 4 — the version nibble (1, 3, 4, or 5).
  • 4 — the variant nibble plus 12 more bits (the "clock sequence").
  • 12 — a 48-bit node identifier (MAC address in v1, random in v4).

A v4 UUID therefore looks random everywhere except the version and variant positions, which are fixed. That makes v4 values easy to spot: the xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx shape, where y is 8, 9, a, or b.

Collision Probability

The question everyone asks: can two v4 UUIDs collide? Mathematically, yes — but the odds are astronomically small. With 2^122 possible v4 values, you would need to generate about 2.6 × 10^18 UUIDs before a collision becomes likely (the "birthday bound"). Generating 1 billion UUIDs per second for 100 years still leaves the collision probability near zero.

2^122 ≈ 5.3 × 10^36 possible v4 UUIDs

For almost every application — from session tokens to database row keys — a v4 UUID is safe. If you are hand-rolling an ID scheme, do not truncate the value; keep all 128 bits.

Common Mistakes

  • Storing without the canonical format — keep the dashes; some databases accept UNHEX to store 16 bytes, but always normalize on read.
  • Using v1 and exposing the MAC — v1 embeds the network card's address, which can be a privacy leak. Prefer v4 unless you need time-ordering.
  • Truncating for "shortness" — shortening a UUID raises collision risk and breaks the version/variant markers.
  • Rolling your own RNG — a weak random source defeats the uniqueness guarantee. Use a CSPRNG (the browser's crypto API or your language's secure generator).
  • Treating it as a secret — a UUID is unique, not un-guessable. Never use a UUID alone as a password or capability token.

Code Examples

JavaScript

// Generate a random (v4) UUID using the Web Crypto API
function uuidV4() {
  return crypto.randomUUID(); // modern browsers + Node 19+
}

// Older fallback with getRandomValues
function uuidV4Fallback() {
  const b = crypto.getRandomValues(new Uint8Array(16));
  b[6] = (b[6] & 0x0f) | 0x40; // version 4
  b[8] = (b[8] & 0x3f) | 0x80; // variant 10xx
  const h = [...b].map((x) => x.toString(16).padStart(2, "0"));
  return `${h.slice(0,4).join("")}-${h.slice(4,6).join("")}-${h.slice(6,8).join("")}-${h.slice(8,10).join("")}-${h.slice(10,16).join("")}`;
}

console.log(uuidV4());

Python

import uuid

# Random v4
print(uuid.uuid4())

# Deterministic v5 from a name (stable across runs)
print(uuid.uuid5(uuid.NAMESPACE_DNS, "codetoolpro.com"))

# Timestamp-based v1
print(uuid.uuid1())

Both runtimes produce RFC 4122-compliant values, so a UUID from one system is valid anywhere else.

Related Tools

When to Use a UUID Instead of Code

You can call crypto.randomUUID() in one line, so why open a tool? A browser generator wins for the same reason a JSON formatter does: when you are in a logs view, a seed script, or a design doc and need a real identifier now — no project scaffold, no dependency, and no paste of potentially sensitive data to a server. For production code, keep crypto.randomUUID() in your application; for ad-hoc needs, the tool is faster.