What Is a UUID?
A Universally Unique Identifier (UUID) is a 128-bit label used to identify information in computer systems. The standard format displays as 32 hexadecimal characters separated by hyphens into five groups: 8-4-4-4-12 characters. Something like 550e8400-e29b-41d4-a716-446655440000. That's 2^128 possible values — approximately 340 undecillion, a number with 38 zeros.
The term UUID comes from Open Software Foundation standards, while Microsoft uses the term Globally Unique Identifier (GUID). Practically, they're the same thing. You might encounter them as primary keys in databases, session identifiers in web applications, or unique references for distributed systems that need coordination without a central authority.
Our UUID generator produces v4 (random) UUIDs by default, which are suitable for most applications. But understanding the different versions helps you choose the right one for specific use cases.
UUID Versions Explained
Version 1 uses timestamp and MAC address to create uniqueness. It combines a 60-bit timestamp with the node's MAC address. This enables sorting by creation time but exposes the MAC address (and thus roughly when and where the UUID was created), which creates privacy concerns.
Version 4 generates UUIDs using random numbers. No timestamp, no MAC address, no network information. Privacy-preserving but not sortable. Most web applications should use v4 for its simplicity and privacy properties.
Version 5 uses SHA-1 hashing of a namespace and name. Given the same namespace and name, you always get the same UUID — deterministic and reproducible. This is useful for generating consistent identifiers from stable inputs like domain names or company names.
Version 6 UUIDs (a newer standard) combine v1's sortable properties with privacy improvements — using a random node identifier instead of the MAC address. They're designed for databases and distributed systems that benefit from time-based ordering without the privacy leakage of v1.
Collision Probability: How Unique Is It Really?
The birthday paradox tells us that collision probability doesn't scale linearly with the number of IDs. In a collection of n UUIDs, the probability of at least one collision is approximately n^2 / (2 × 2^122) — not as scary as it looks, but worth understanding.
To have a 50% probability of a single collision, you'd need to generate about 2.7 quintillion UUIDs. That number is so large that you could generate a billion UUIDs per second and run for 85 years before reaching 50% collision probability. For all practical purposes, UUIDs are unique.
The math breaks down only if you intentionally try to create collisions or if the random number generator is flawed. Deprecated implementations, poor random seeds, or flawed algorithms have caused real-world collisions. But a correctly implemented v4 UUID is astronomically unlikely to collide.
Practical Software Development Uses
Database primary keys benefit from UUIDs when you need to merge databases, generate IDs before database insertion, or maintain IDs that don't reveal the count of records. They also work across distributed systems without central coordination.
Session tokens and authentication use UUIDs to identify user sessions without exposing any pattern. A session identifier that's 128 random bits cannot be guessed or enumerated, providing security through sheer randomness.
File identifiers and references use UUIDs to track versions, revisions, and relationships between documents across systems that might not coordinate closely. A document might have a UUID that persists regardless of filename, location, or cloud storage changes.