UUID Generator Guide: Versions, v4 & How to Generate
UUID Generator Guide: Versions, v4 & How to Generate
A UUID (Universally Unique Identifier) is a 128-bit label used to identify information in computer systems without a central coordinating authority. When you need a primary key that is unique across databases, services, and even companies, a UUID generator hands you one in milliseconds. Try it instantly with our UUID Generator — it runs entirely in your browser, so the identifiers never leave your machine.
This guide covers what a UUID is made of, the differences between versions v1, v4, and v5, how unlikely a collision really is, common mistakes, and when a UUID beats an auto-increment integer.
What Is a UUID Generator?
A UUID generator produces a string in the canonical 8-4-4-4-12 hexadecimal
format, for example 550e8400-e29b-41d4-a716-446655440000. The 36 characters
encode 128 bits of information. The third group's first digit marks the version,
and the fourth group's first digit marks the variant (almost always 8, 9,
a, or b for the RFC 4122 variant).
The key property is uniqueness without coordination: two machines that have never talked to each other can each generate a UUID and be confident the values will not collide in any practical timeframe.
UUID Versions Compared
Not all UUIDs are created the same way. The version decides where the bits come from.
| Version | Source of bits | Deterministic? | Common use |
|---|---|---|---|
| v1 | Timestamp + MAC address | No | Legacy, sortable by time |
| v3 | MD5 of name + namespace | Yes | Stable IDs from a known name |
| v4 | Pure random | No | General-purpose keys (most common) |
| v5 | SHA-1 of name + namespace | Yes | Stable IDs, stronger than v3 |
Version 4 is the default for most modern applications: it is simply 122 bits of randomness and needs no clock or MAC address, which also avoids leaking the machine's hardware address.
The Structure of a UUID
Reading the canonical form left to right:
- 8-4-4 — a 60-bit timestamp (v1) or random/data block (v4).
- 4 — the version nibble (
1,3,4, or5). - 4 — the variant nibble plus 12 more bits (the "clock sequence").
- 12 — a 48-bit node identifier (MAC address in v1, random in v4).
A v4 UUID therefore looks random everywhere except the version and variant
positions, which are fixed. That makes v4 values easy to spot: the
xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx shape, where y is 8, 9, a, or b.
Collision Probability
The question everyone asks: can two v4 UUIDs collide? Mathematically, yes — but the odds are astronomically small. With 2^122 possible v4 values, you would need to generate about 2.6 × 10^18 UUIDs before a collision becomes likely (the "birthday bound"). Generating 1 billion UUIDs per second for 100 years still leaves the collision probability near zero.
2^122 ≈ 5.3 × 10^36 possible v4 UUIDs
For almost every application — from session tokens to database row keys — a v4 UUID is safe. If you are hand-rolling an ID scheme, do not truncate the value; keep all 128 bits.
Common Mistakes
- Storing without the canonical format — keep the dashes; some databases
accept
UNHEXto store 16 bytes, but always normalize on read. - Using v1 and exposing the MAC — v1 embeds the network card's address, which can be a privacy leak. Prefer v4 unless you need time-ordering.
- Truncating for "shortness" — shortening a UUID raises collision risk and breaks the version/variant markers.
- Rolling your own RNG — a weak random source defeats the uniqueness guarantee.
Use a CSPRNG (the browser's
cryptoAPI or your language's secure generator). - Treating it as a secret — a UUID is unique, not un-guessable. Never use a UUID alone as a password or capability token.
Code Examples
JavaScript
// Generate a random (v4) UUID using the Web Crypto API
function uuidV4() {
return crypto.randomUUID(); // modern browsers + Node 19+
}
// Older fallback with getRandomValues
function uuidV4Fallback() {
const b = crypto.getRandomValues(new Uint8Array(16));
b[6] = (b[6] & 0x0f) | 0x40; // version 4
b[8] = (b[8] & 0x3f) | 0x80; // variant 10xx
const h = [...b].map((x) => x.toString(16).padStart(2, "0"));
return `${h.slice(0,4).join("")}-${h.slice(4,6).join("")}-${h.slice(6,8).join("")}-${h.slice(8,10).join("")}-${h.slice(10,16).join("")}`;
}
console.log(uuidV4());
Python
import uuid
# Random v4
print(uuid.uuid4())
# Deterministic v5 from a name (stable across runs)
print(uuid.uuid5(uuid.NAMESPACE_DNS, "codetoolpro.com"))
# Timestamp-based v1
print(uuid.uuid1())
Both runtimes produce RFC 4122-compliant values, so a UUID from one system is valid anywhere else.
Related Tools
- Generate random keys with the UUID Generator.
- Create fixed-length secrets with the Password Generator.
- Produce digests and checksums with the Hash Generator.
- Sign data with the HMAC Generator.
- Draw non-cryptographic values with the Random Number Generator.
When to Use a UUID Instead of Code
You can call crypto.randomUUID() in one line, so why open a tool? A browser
generator wins for the same reason a JSON formatter does: when you are in a logs
view, a seed script, or a design doc and need a real identifier now — no
project scaffold, no dependency, and no paste of potentially sensitive data to a
server. For production code, keep crypto.randomUUID() in your application; for
ad-hoc needs, the tool is faster.