What's the difference between UUID v1 and v4?

UUID v1 is time-based and includes your MAC address (less private). UUID v4 is randomly generated — preferred for most applications.

Can two UUIDs ever be the same?

Theoretically possible but statistically impossible — there are 2^122 possible UUID v4 values (5.3 undecillion).

Are UUIDs case-sensitive?

No. UUIDs are case-insensitive. Most systems store them in lowercase.

Are generated UUIDs stored?

No. All generation happens in your browser. Nothing is uploaded or saved.

UUID / GUID Generator

Processed locally · Never leaves your browser

Generate cryptographically random UUIDs for databases, APIs, and distributed systems. Runs entirely in your browser.

UUID Version

Number of UUIDs

UUID Versions

Version 1 (Timestamp-based)

RFC 4122 compliant — uses a 60-bit timestamp (100ns intervals since the UUID epoch Oct 15, 1582), a random clock sequence, and a random node ID. Useful when you need time-ordered UUIDs.

Version 4 (Random)

Randomly generated. Most commonly used. Provides good uniqueness guarantees.

Runs entirely in your browser — nothing is uploaded

Runs in your browser

Next steps

Hash Generator

Recommended

Generate secure MD5, SHA-256, and SHA-512 hashes from any text.

Password Generator

Recommended

Create strong, random passwords that are virtually uncrackable.

Fake Data Generator

Create realistic names, emails, and addresses for testing.

Base64 Converter

Encode or decode Base64 in one click — works with text and files.

View all tools →

Runs entirely in your browser. No uploads. Your files stay private.

What Is a UUID?

A UUID (Universally Unique Identifier), sometimes called a GUID by Microsoft, is a 128-bit value defined originally by the Open Software Foundation, then RFC 4122, and most recently RFC 9562. It is rendered as 32 lowercase hex digits separated by hyphens into the canonical 8-4-4-4-12 grouping (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx). Two of those 128 bits encode the variant; another four encode the version. The remaining 122 bits carry the actual identifier.

This generator produces v4 (random) and v1 (time-based) UUIDs. v4 is the workhorse used by almost every modern system: 122 of the 128 bits are random, giving a collision probability so small that you would need to generate 1 billion UUIDs per second for 85 years before reaching a 50 percent chance of any duplicate (the birthday-paradox bound). For v4 we prefer the browser's built-in window.crypto.randomUUID() when available — that is a native, cryptographically secure implementation specified in the Web Crypto API. We fall back to a manual implementation seeded with Math.random only on browsers without that API.

v1 is more involved. It encodes a 60-bit timestamp counted in 100-nanosecond intervals since the Gregorian reform date 1582-10-15 UTC (the UUID epoch). Our implementation reconstructs that count from Date.now(), splitting it into 16-bit halves to keep arithmetic within JavaScript's 53-bit safe integer range. The clock_seq field gets random bits (the spec allows random initialization on each generator instance), and the node identifier — historically a MAC address — is also random because browsers cannot read network hardware addresses.

Use v1 when you need IDs that are roughly time-sortable so they cluster together on disk and in indexes (which can dramatically improve insert performance on B-tree primary keys in MySQL). Use v4 when you do not want the timestamp to leak when a record was created, or when you do not need ordering. If you want both ordering and randomness, look at v6 and v7 from RFC 9562, ULID, or KSUID — modern alternatives that solve the index-locality problem of v4 without leaking generator metadata like v1.

Common pitfalls to avoid: treating the version nibble or variant bits as random (they are not — they are fixed by the spec, which is why generated UUIDs always have a 4 or 1 at position 13 and one of 8/9/a/b at position 17); storing UUIDs as VARCHAR(36) when binary(16) would save space and speed indexes (Postgres has a native uuid type, MySQL needs UUID_TO_BIN); using v4 as a security token (it is not — 122 bits is plenty for uniqueness but treat it as predictable enough to require additional entropy when authentication is at stake); and relying on uniqueness across systems that all use Math.random — only the crypto-backed implementations are truly collision-safe at scale.

Performance details that surprise people: PostgreSQL stores UUIDs in 16 bytes natively and indexes them well, but the random distribution of v4 causes B-tree fragmentation in clustered indexes (MySQL InnoDB primary keys) — that is why high-throughput systems often pick v1, v6, v7, or ULID. SQL Server's default GUID generation is non-sequential too, but NEWSEQUENTIALID exists for the same reason.

All generation happens locally. Nothing is sent over the network. crypto.randomUUID() draws from the OS CSPRNG, while the v1 implementation uses Math.random for the clock and node fields, which is sufficient for uniqueness but explicitly not cryptographically secure — do not use v1 output here as a session token.

Common Use Cases

Database primary keys

Replace auto-increment IDs with UUIDs to allow distributed inserts and avoid leaking record counts.

API resource identifiers

Mint stable IDs for resources that survive across environments and remain unique even when replicas merge data.

Cross-service correlation

Generate request or trace IDs that can be threaded through microservice logs without coordination.

File and object storage names

Avoid filename collisions in S3, GCS, or Azure Blob by prefixing or replacing user-supplied names with a UUID.

Frequently Asked Questions

v1 is time-based and roughly sortable; the first segments encode a timestamp. v4 is fully random in 122 of its 128 bits, with no embedded structure beyond the version and variant nibbles. v4 is the default choice; v1 is appropriate when you need time ordering for index locality.

Mathematically possible, practically impossible at any normal scale. With 2^122 distinct values, the birthday-bound probability of a collision after 1 billion UUIDs is about 1 in 10^18. You will run out of computers before you collide.

No. The hex digits a-f are case-insensitive per the spec. Lowercase is the canonical form most libraries emit and most databases accept.

It depends. Postgres handles UUID primary keys efficiently with its native type. MySQL InnoDB suffers from index fragmentation when primary keys are random — many teams switch to v7 or ULID, or store UUIDs in BINARY(16) with a swapped byte order. Measure before deciding.

It is unique, but not necessarily appropriate for authentication. v4 is generated from a CSPRNG when crypto.randomUUID is used, but version and variant bits are predictable and v4 is not formally specified as a security primitive. For session tokens, use a dedicated CSPRNG token with at least 128 bits of pure entropy.

RFC 9562 added v6 (reordered v1 for sortability), v7 (Unix timestamp + random tail, monotonically sortable), and v8 (custom). v7 in particular is rapidly becoming the recommended default for systems that need both random and sortable IDs. This tool currently emits v1 and v4 only.

Browsers do not expose hardware addresses for privacy reasons. The original v1 spec used the MAC for the node field; this implementation substitutes random bits, which RFC 4122 explicitly permits.

16 bytes binary, 36 characters in canonical text form (32 hex digits plus 4 hyphens), or 32 characters without hyphens. Postgres uuid type and SQL Server uniqueidentifier store the binary form. Storing as TEXT or VARCHAR(36) more than doubles the bytes per row.

No. Each call to crypto.randomUUID returns fresh entropy, and the v1 path mixes the current time with random bits. The same input does not produce the same output — UUIDs are not seeded.

No. Generation runs in your browser via crypto.randomUUID and Math.random. Nothing is sent to a server, logged, or persisted between page loads.