Your V4 UUID — Click to copy
UUID Anatomy
What is V4?
UUID v4 Generator — Complete Guide
UUID Version 4 is generated using a cryptographically secure random number generator (CSPRNG). It has 122 bits of randomness — the remaining 6 bits are used for the version and variant markers. UUID v4 is defined in RFC 9562 and is the most commonly used UUID version in modern software development. Each v4 UUID is generated independently and with overwhelming probability will be unique across all time and space.
RFC 9562 Definition: UUID v4 uses 122 bits of cryptographically secure random data. The version field (bits 49–52) is set to 0100 (4), and the variant field (bits 65–66) is set to 10. All remaining bits are random, giving 2^122 ≈ 5.3 × 10^36 possible values.
When to Use V4
Use UUID v4 when you need a universally unique identifier and the creation time or other metadata does not need to be encoded in the ID. UUID v4 is ideal for database primary keys where sort order does not matter, session tokens and authentication credentials, API keys and access tokens, file names for uploaded content, tracking pixels and analytics events, and any situation where a unique opaque identifier is needed.
Advantages
- ✅ Cryptographically secure
- ✅ No metadata encoded — fully opaque
- ✅ Universally supported
- ✅ Safe to expose in URLs and APIs
- ✅ 122 bits of entropy
Considerations
- ⚠️ Random insertion order — avoid for clustered DB indexes
- ⚠️ Cannot extract creation time
- ⚠️ Use UUID v7 for sortable IDs
UUID Structure
| Field | Bits | Description |
|---|---|---|
| Version | 4 bits (49–52) | Fixed as 0100 — identifies this as UUID v4 |
| Variant | 2 bits (65–66) | Fixed as 10 — RFC 9562 variant |
| Random | 122 bits (all others) | Cryptographically secure random data |
| Total | 128 bits (16 bytes) | 32 hex chars + 4 hyphens = 36 chars |
Code Examples
JavaScript
// Browser (Web Crypto API) const uuid = crypto.randomUUID(); console.log(uuid); // → 110e8400-e29b-44d4-a716-446655440000 // Node.js 15+ import { randomUUID } from 'crypto'; const uuid = randomUUID();
Python
import uuid # Generate UUID v4 my_uuid = uuid.uuid4() print(my_uuid) # → 550e8400-e29b-41d4-a716-446655440000 # As string my_uuid_str = str(uuid.uuid4())
Java
import java.util.UUID; // Generate UUID v4 UUID uuid = UUID.randomUUID(); System.out.println(uuid.toString()); // As string directly String uuidStr = UUID.randomUUID().toString();
C# / .NET
using System; // Generate GUID (same as UUID v4) Guid guid = Guid.NewGuid(); Console.WriteLine(guid.ToString()); // Specific formats guid.ToString("D"); // 00000000-0000-0000-0000-000000000000 guid.ToString("B"); // {00000000-0000-0000-0000-000000000000}
Frequently Asked Questions
Is UUID v4 truly unique? ▾
Yes, for all practical purposes. With 122 bits of randomness, the probability of collision is 1 in 2^122. Even generating 1 billion UUIDs per second for 100 years, the probability of a collision is negligibly small.
Is UUID v4 safe for session tokens? ▾
UUID v4 is acceptable for session tokens in most applications. With 122 bits of entropy, it cannot be practically guessed. For highest-security applications, consider using 256-bit cryptographically secure random tokens encoded in base64.
What is the difference between UUID v4 and GUID? ▾
Technically nothing — GUID is Microsoft's name for UUID. The format is identical. When displayed as a GUID in Windows/.NET, it is typically uppercase and sometimes wrapped in curly braces.
Does UUID v4 contain any timestamp or machine information? ▾
No. UUID v4 is entirely random. It contains no timestamp, MAC address, or any other metadata. This makes it safe to expose publicly without leaking information about your system.
Should I use UUID v4 or v7 for database primary keys? ▾
Use UUID v7 for database primary keys. UUID v4 is random, which causes index fragmentation in clustered indexes (MySQL InnoDB, SQL Server). UUID v7 is time-ordered, which keeps indexes efficient and performs like an auto-increment integer.
Related Tools