UUID Generator

A UUID (Universally Unique Identifier), also known as a GUID (Globally Unique Identifier) in Microsoft systems, is a 128-bit value used to uniquely identify information across distributed systems without a central coordinator. The probability of collision is so small it is considered effectively zero for any practical application. UUID v4 is the most common variant and uses 122 bits of randomness from a cryptographically secure random source. UUID v1 combines the current timestamp with a node identifier (originally the MAC address). UUID v7, standardized in RFC 9562, encodes a Unix millisecond timestamp in the high bits, making it both unique and sortable — ideal for database primary keys. This tool runs entirely in your browser using the Web Crypto API, so nothing is sent to a server.

star 4.9
New

UUID Generator calculator

shield 100% Private — UUIDs are generated in your browser with the Web Crypto API.

tune Options

5
1255075100

fingerprint Generated UUIDs

info v4 — 122 bits of randomness per UUID
5 generated

tag UUID Versions

v4 Random
Most common — pure crypto randomness
v1 Timestamp
Time + node — leaks generation time
v7 Sortable
Unix ms + random — great for DB keys
Nil Zeros
00000000-0000-0000-0000-000000000000

straighten UUID Anatomy

xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx
M = version (1, 4, 7, ...)
N = variant (8, 9, a, or b for RFC 4122)
128 bits = 32 hex chars, grouped 8-4-4-4-12

lightbulb Quick Tips

  • 1 Use v7 for database primary keys — sortable order improves index locality
  • 2 Stick to lowercase UUIDs for consistency across systems
  • 3 Braced {xxx} form is Microsoft's GUID style — same value, different wrapper

How to Use the UUID Generator

tune

Choose UUID Version

Select v4 for random (most common), v1 for timestamp-based, v7 for sortable IDs, or nil for the all-zeros sentinel.

format_list_numbered

Pick Quantity

Generate between 1 and 100 UUIDs at once — useful for seeding databases or creating test fixtures.

format_shapes

Select Format

Choose standard hyphenated, uppercase, no-hyphens (raw 32 chars), or braced {xxx} Microsoft GUID format.

content_copy

Copy & Use

Click copy on any UUID, or use Copy All to grab the entire batch to your clipboard.

The Formula

All UUIDs are 128-bit values displayed as 32 hexadecimal characters grouped 8-4-4-4-12 with hyphens. Version bits occupy the 13th hex digit, and variant bits occupy the top bits of the 17th hex digit. v4 uses random data for everything else; v1 encodes a timestamp; v7 encodes a Unix millisecond timestamp that makes lexicographic sort equal chronological sort.

UUID = 128 bits = 32 hex chars = 8-4-4-4-12 pattern

lightbulb Variables Explained

  • v4 Random — 122 bits of crypto randomness + 6 fixed version/variant bits
  • v1 Timestamp — 60-bit time since 1582-10-15 + 14-bit clock seq + 48-bit node
  • v7 Sortable — 48-bit Unix ms timestamp + 74 bits random + version/variant
  • nil 00000000-0000-0000-0000-000000000000 — the all-zeros UUID

tips_and_updates Pro Tips

1

Use v4 for most cases — it's the simplest, most widely supported, and has no timing information to leak.

2

Use v7 for database primary keys — sortable by creation time improves B-tree locality and query performance.

3

Never use v1 when privacy matters — it originally embedded the MAC address and can reveal when an ID was generated.

4

The nil UUID (00000000-...) is a sentinel value; never use it as a real identifier.

5

UUIDs are case-insensitive per RFC 4122 — store them lowercase for consistency across systems.

Universally Unique Identifiers (UUIDs) are 128-bit values used to identify resources without requiring a central authority, making them essential for distributed systems, databases, APIs, and microservice architectures. The standard format — 8-4-4-4-12 hexadecimal characters like 550e8400-e29b-41d4-a716-446655440000 — provides 2^122 possible values (5.3 × 10^36), making accidental collisions effectively impossible. Our UUID generator creates version 4 (random) UUIDs instantly, with options to generate multiple UUIDs at once, copy to clipboard, and format as uppercase or lowercase. UUID v4 is the most common version in modern software, used by PostgreSQL's gen_random_uuid(), Python's uuid4(), JavaScript's crypto.randomUUID(), and most ORMs. Whether you need a unique identifier for a database record, API key, session token, or test fixture, this tool provides cryptographically random UUIDs that meet RFC 4122 specifications.

UUID versions and when to use each

  • UUID v1 combines a timestamp with the machine's MAC address — guaranteed unique but reveals creation time and hardware identity, creating privacy concerns.
  • UUID v3 and v5 are deterministic hashes: v3 uses MD5, v5 uses SHA-1. Given the same namespace and name, they always produce the same UUID — useful for generating consistent identifiers from natural keys (e.g., converting email addresses to user IDs).
  • UUID v4 uses 122 bits of random data, providing the strongest uniqueness guarantee without leaking any information.
  • UUID v7 (RFC 9562, 2024) embeds a Unix timestamp in the first 48 bits while keeping 74 random bits — sortable by creation time, making it ideal for database primary keys where index performance matters.

For most applications, v4 is the default choice; switch to v7 for database primary keys where insertion order matters.

UUID collision probability in practice

UUID v4 uses 122 random bits, yielding 5.3 × 10^36 possible values. The birthday problem determines collision probability: after generating 2.7 × 10^18 (2.7 quintillion) UUIDs, there is a 50% chance of one collision.

In practical terms, generating 1 billion UUIDs per second for 85 years reaches this threshold. At more realistic scales — a system generating 1 million UUIDs per day — the probability of any collision in 100 years is approximately 1 in 10^24.

This assumes a proper random number generator (CSPRNG); using Math.random() in JavaScript (which is not cryptographically secure) reduces entropy and increases collision risk. Always use crypto.randomUUID(), uuid v4 libraries, or database-native UUID functions for production systems.

UUIDs as database primary keys: tradeoffs

UUIDs as primary keys enable decentralized ID generation (applications create IDs without database roundtrips) and prevent enumeration attacks (users cannot guess other records' IDs).

However, random UUID v4 values hurt B-tree index performance — random insertions cause page splits and fragmentation, increasing write amplification by 2-5x compared to sequential integer keys. UUID v7 solves this with timestamp-prefixed randomness, providing both uniqueness and sequential ordering.

Storage cost is also higher: 16 bytes versus 4-8 bytes for integers, significant in tables with billions of rows and multiple indexes.

A common pattern combines UUIDs as public-facing identifiers with integer auto-increment keys internally, joining tables on the efficient integer while exposing only the secure UUID to APIs and URLs.

What is a UUID and how does it work?

A UUID (Universally Unique Identifier) is a 128-bit value designed to be unique across space and time without a central registration authority, as defined by IETF RFC 9562 (which obsoletes the earlier RFC 4122).

Its 128 bits are written as 32 hexadecimal characters grouped in an 8-4-4-4-12 pattern, such as 550e8400-e29b-41d4-a716-446655440000. Specific bits are reserved: the 13th hex digit encodes the version, and the top bits of the 17th hex digit encode the variant.

The remaining bits carry random data, a timestamp, or a hashed name depending on the version. Because the addressable space is 2^122, independent generators can safely mint identifiers without ever coordinating.

How to generate a UUID in JavaScript, Python, and SQL

The simplest way to generate a UUID is a built-in language function that calls a cryptographically secure random source.

  • In JavaScript, crypto.randomUUID() returns a v4 UUID and is documented on MDN Web Docs as part of the Web Crypto API, available in modern browsers and Node.js 14.17+.
  • In Python, the standard-library uuid module provides uuid.uuid4() for random and uuid.uuid1() for timestamp-based values.
  • In PostgreSQL, gen_random_uuid() produces a v4 UUID, while MySQL 8 offers UUID() for a v1-style value.

All of these emit RFC 9562-compliant strings, so IDs generated in one language interoperate cleanly with another.

UUID vs GUID: are they the same thing?

Yes, a GUID and a UUID are the same 128-bit identifier; GUID (Globally Unique Identifier) is simply Microsoft's terminology for the standard UUID defined by IETF RFC 9562. They are binary-compatible, so a value created by Windows or .NET can be consumed by any RFC-compliant system and vice versa.

The only routine difference is presentation: Microsoft tooling often wraps the value in curly braces, for example {550e8400-e29b-41d4-a716-446655440000}, and some COM APIs historically uppercased the hex.

A subtle caveat is byte order — Microsoft's binary GUID stores the first three fields in little-endian, which matters only when parsing raw bytes, not the canonical hyphenated string form.

Are UUIDs cryptographically secure or predictable?

A UUID is not a secret and should never be treated as one, even when its random bits come from a cryptographically secure generator. RFC 9562 explicitly warns that UUIDs offer no built-in security and must not be assumed hard to guess; OWASP similarly cautions against using identifiers as authorization tokens.

Version 4 draws 122 bits from a CSPRNG, so it is impractical to predict, but version 1 and version 7 embed timestamps that leak creation time, and version 3 and version 5 are deterministic hashes of a known namespace and name.

For session tokens, password resets, or API keys, generate dedicated high-entropy secrets rather than relying on a UUID's structure for protection.

Understanding UUID version and variant bits

The version and variant fields are fixed bit patterns embedded in every RFC 9562 UUID that tell parsers how the value was generated.

The version occupies the four most significant bits of the seventh byte (the 13th hex digit), so a v4 UUID always shows a 4 there and a v7 always shows a 7. The variant sits in the two or three most significant bits of the ninth byte (the 17th hex digit), which for the standard IETF variant makes that digit one of 8, 9, a, or b.

This is why a valid v4 UUID matches the pattern xxxxxxxx-xxxx-4xxx-[89ab]xxx-xxxxxxxxxxxx. Checking these fixed positions is the correct way to validate or classify a UUID rather than a loose length check.

How to generate UUIDs in bulk for testing and seeding

Bulk UUID generation is useful for seeding databases, building test fixtures, load-testing, and populating mock APIs, and this tool can output many valid identifiers in a single click. Because each UUID is created independently from a random or timestamp source per RFC 9562, generating a batch carries no meaningful collision risk even at large counts.

For repeatable test data, prefer deterministic version 5 UUIDs derived from a fixed namespace and name so the same input always yields the same identifier across runs.

When seeding production-scale tables, consider version 7 so the bulk-inserted rows land in roughly sequential index order, which keeps B-tree pages compact and reduces write amplification during the import.

How to store UUIDs efficiently in a database

Store UUIDs in a native 16-byte binary type whenever your database supports one, because keeping them as 36-character text wastes more than double the space and slows index comparisons. PostgreSQL provides a dedicated uuid column type, while MySQL and SQL Server commonly use BINARY(16) with conversion functions to and from the hyphenated string.

As RFC 9562 notes, UUIDs are case-insensitive and should be normalized — typically to lowercase — before storage so lookups stay consistent.

If you use UUIDs as primary keys, prefer version 7 to preserve insertion locality; if you must use version 4, some engines let you rearrange timestamp bytes, though version 7 is the standards-based solution to the same fragmentation problem.

Common mistakes when working with UUIDs

The most common UUID mistake is using a non-cryptographic random source such as JavaScript's Math.random(), which is not a CSPRNG and can produce biased or predictable values; MDN recommends crypto.randomUUID() or the Web Crypto API instead.

Other frequent errors include:

  • treating the nil UUID (all zeros) as a real identifier
  • assuming UUIDs are secret enough to authorize access
  • storing them as text when a 16-byte binary column would be far more efficient

Developers also mix versions inconsistently, or rely on version 1 in privacy-sensitive contexts where its embedded timestamp and historical MAC address leak information. Finally, comparing UUIDs case-sensitively causes false mismatches, since RFC 9562 defines them as case-insensitive.

Frequently Asked Questions

sell

Tags