Understanding UUID: The Complete Guide
What is a UUID?
A Universally Unique Identifier (UUID) is a 128-bit identifier that is generated according to standardized methods to ensure uniqueness across space and time. UUIDs are designed to be globally unique without requiring a central registration authority or coordination between parties generating them.
The standard representation of a UUID is a 32-character hexadecimal string, divided into five groups separated by hyphens, in the format 8-4-4-4-12, for example: 550e8400-e29b-41d4-a716-446655440000.
UUID Types & Versions
The UUID specification defines several versions, each with different generation mechanisms:
Version 1 (Time-based)
Generated using the current timestamp and MAC address of the computer. Provides uniqueness through spatial-temporal coordinates.
Version 2 (DCE Security)
Similar to Version 1, but includes domain components for security purposes. Less commonly implemented.
Version 3 (Name-based, MD5)
Generated by hashing a namespace identifier and name using MD5. Produces consistent results for the same inputs.
Version 4 (Random)
Generated using random or pseudo-random numbers. The most widely used version due to its simplicity and privacy advantages.
Version 5 (Name-based, SHA-1)
Similar to Version 3, but uses SHA-1 instead of MD5, providing better cryptographic properties.
Versions 6, 7 and 8
Newer versions addressing specific use cases including sortability, improved time-based generation, and custom generation methods. Version 7 is standardized in RFC 9562 and is supported on this site.
- UUID v6: Reordered time-based for better database locality (proposed).
- UUID v7: Time-ordered with 48-bit Unix millisecond timestamp plus randomness. Great for sortability and indexing.
- UUID v8: Custom format space reserved for future extensions.
UUID Generation
UUID generation varies by version, but follows specific algorithms to ensure uniqueness:
- Hardware-based generation: Using MAC addresses and timestamps (v1)
- Cryptographic hash functions: Creating deterministic values from namespaces and names (v3, v5)
- Random number generators: Using cryptographically secure PRNGs for unpredictable values (v4)
Most programming languages and databases provide built-in functions for UUID generation, making implementation straightforward.
Security Considerations
UUIDs have various security implications depending on the version used:
- Version 1 UUIDs can potentially leak MAC addresses and timing information.
- Version 4 UUIDs provide better privacy but rely on the quality of the random number generator.
- UUIDs should not be used as security tokens without additional measures.
- The predictability of version 3 and 5 UUIDs makes them unsuitable for security-sensitive scenarios.
For applications where security is critical, consider using dedicated cryptographic techniques alongside or instead of UUIDs.
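The points above can be checked on any identifier you already issue. The following audit helper is an added example, not code from the original page: it reports which fields a UUID discloses to anyone who can read it. The function name `audit_uuid` and the v1 and v7 sample values are constructed for illustration.

```python
import uuid
from datetime import datetime, timedelta, timezone

# UUID v1 timestamps count 100-ns ticks from the start of the Gregorian calendar.
GREGORIAN_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)

def audit_uuid(value: str) -> dict:
    """Report what an identifier discloses to anyone who can read it."""
    u = uuid.UUID(value)
    report = {"version": u.version, "created": None, "node": None, "findings": []}
    if u.variant != uuid.RFC_4122:
        report["findings"].append("not an RFC-variant UUID; no version field")
    elif u.version == 1:
        report["created"] = GREGORIAN_EPOCH + timedelta(microseconds=u.time // 10)
        report["node"] = ":".join(f"{b:02x}" for b in u.node.to_bytes(6, "big"))
        report["findings"].append("embeds creation time")
        # Multicast bit clear in the first node octet: an interface address
        # rather than a randomly generated node ID.
        if not (u.node >> 40) & 0x01:
            report["findings"].append("node field looks like a hardware MAC address")
    elif u.version in (3, 5):
        report["findings"].append("deterministic: recomputable from namespace + name")
    elif u.version == 4:
        report["findings"].append("122 random bits; strength depends on the generator")
    elif u.version == 7:
        ms = u.int >> 80  # top 48 bits: Unix time in milliseconds
        report["created"] = datetime.fromtimestamp(ms / 1000, tz=timezone.utc)
        report["findings"].append("embeds creation time (millisecond precision)")
    return report

# Constructed samples (not real identifiers), plus the example UUID from this page.
SAMPLES = [
    "b4cc8000-a838-11ee-8123-00005e005301",  # v1 with a constructed node value
    "018cc251-f400-7abc-8def-0123456789ab",  # v7
    "550e8400-e29b-41d4-a716-446655440000",  # v4, quoted earlier on this page
    str(uuid.uuid5(uuid.NAMESPACE_DNS, "example.com")),  # v5
]

if __name__ == "__main__":
    for s in SAMPLES:
        r = audit_uuid(s)
        print(s, r["version"], r["created"], r["node"], r["findings"])
```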
Common Use Cases
UUIDs are versatile identifiers used in numerous contexts:
- Database primary keys: Especially in distributed systems where coordinated ID generation is impractical
- Distributed systems: For generating identifiers across multiple nodes without coordination
- Content addressing: For uniquely identifying content or resources
- Session identifiers: For tracking user sessions in web applications
- Transaction IDs: For uniquely identifying transactions across systems
- API request identifiers: For tracking and correlating API requests
Best Practices
When working with UUIDs, consider these best practices:
- Choose the appropriate UUID version for your use case (v4 for most general purposes)
- Consider storage implications (128 bits is larger than sequential integers)
- Be aware of index performance in databases (UUIDs don't cluster naturally)
- Use appropriate data types in databases (use UUID/GUID types rather than strings when available)
- For high-performance systems, consider alternatives like ULID or KSUID that offer better sortability
UUID vs GUID
While the terms are often used interchangeably, there are subtle differences:
- UUID is the standard defined by RFC 4122
- GUID (Globally Unique Identifier) is Microsoft's implementation of the UUID standard
- GUIDs typically follow the same format and generation methods as UUIDs
- Some Microsoft systems store GUIDs in a different byte order than canonical UUIDs
For most practical purposes, UUIDs and GUIDs can be considered equivalent.
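The byte-order difference matters when reading raw 16-byte values out of files, memory or network captures. The sketch below is an added example, not code from the original page: it interprets the same bytes under both layouts and uses the version and variant bits to judge which layout is plausible. The function name `decode_guid_bytes` and its return keys are hypothetical.

```python
import uuid

def _plausible(u: uuid.UUID) -> bool:
    # A well-formed UUID has the RFC variant bits and a version nibble of 1-8.
    return u.variant == uuid.RFC_4122 and u.version in range(1, 9)

def decode_guid_bytes(raw: bytes) -> dict:
    """Interpret 16 raw bytes under both layouts and say which one is plausible."""
    if len(raw) != 16:
        raise ValueError("a UUID/GUID is exactly 16 bytes")
    rfc = uuid.UUID(bytes=raw)       # canonical: every field big-endian
    mixed = uuid.UUID(bytes_le=raw)  # first three fields little-endian
    ok_rfc, ok_mixed = _plausible(rfc), _plausible(mixed)
    if ok_rfc and not ok_mixed:
        layout = "rfc"
    elif ok_mixed and not ok_rfc:
        layout = "mixed-endian"
    elif ok_rfc and ok_mixed:
        layout = "ambiguous"  # both readings carry a valid version nibble
    else:
        layout = "unknown"
    return {"layout": layout, "as_rfc": str(rfc), "as_mixed": str(mixed)}

# The example UUID from the top of this page, serialized both ways.
PAGE_UUID = uuid.UUID("550e8400-e29b-41d4-a716-446655440000")
CANONICAL_BYTES = PAGE_UUID.bytes        # 55 0e 84 00 e2 9b 41 d4 ...
MIXED_ENDIAN_BYTES = PAGE_UUID.bytes_le  # 00 84 0e 55 9b e2 d4 41 ...

if __name__ == "__main__":
    for label, raw in (("bytes", CANONICAL_BYTES), ("bytes_le", MIXED_ENDIAN_BYTES)):
        print(label, raw.hex(), decode_guid_bytes(raw))
```

Reading the mixed-endian bytes as canonical yields `00840e55-9be2-d441-a716-446655440000`, a different identifier, which is why log correlation across systems fails when the layout is assumed rather than checked.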
Advantages of UUID
UUIDs offer several benefits over other identifier schemes:
- Decentralized generation: No coordination needed between systems
- Global uniqueness: Practically eliminates the risk of collisions
- No sequential patterns: Improved security by avoiding predictable IDs
- Cross-system compatibility: Widely supported across languages and platforms
- URL-safe: Can be safely used in URLs without encoding
Limitations
UUIDs are not ideal for every scenario:
- Size: 128 bits (16 bytes) is larger than sequential integers
- Readability: Not human-friendly or memorable
- Database performance: Can impact indexing and storage efficiency
- Not sortable: Standard UUIDs don't preserve creation order (except specialized versions)
- Overhead: Generation may be more computationally expensive than simpler ID schemes
Implementation Examples
Python
```python
import uuid

# Generate a random UUID (v4)
random_uuid = uuid.uuid4()
print(random_uuid)

# Generate a UUID based on a namespace and name (v5)
namespace_uuid = uuid.uuid5(uuid.NAMESPACE_DNS, 'example.com')
print(namespace_uuid)
```
JavaScript
```javascript
// Option 1: using the crypto API
function uuidv4() {
  return ([1e7] + -1e3 + -4e3 + -8e3 + -1e11).replace(/[018]/g, c =>
    (c ^ crypto.getRandomValues(new Uint8Array(1))[0] & 15 >> c / 4).toString(16)
  );
}
console.log(uuidv4());

// Option 2: using a library like uuid
// npm install uuid
// Imported under a different name so it does not redeclare the function above.
const { v4: uuidv4FromLib } = require('uuid');
console.log(uuidv4FromLib());
```
SQL
```sql
-- PostgreSQL
SELECT gen_random_uuid();

-- MySQL 8.0+ (UUID() returns a version 1, time-based value)
SELECT UUID();

-- SQL Server
SELECT NEWID();
```
Future of UUID
The UUID standard continues to evolve with new versions addressing specific needs:
- UUIDv6: Sortable, time-ordered UUIDs for better database performance
- UUIDv7: Time-ordered with Unix timestamp for better sortability (supported here)
- UUIDv8: Reserved for future formats and custom use cases
Alternative identifier schemes like ULID, KSUID, and xid are also gaining popularity for specific use cases where UUID limitations are problematic.