A UUID is a 128-bit universally unique identifier represented as 32 hex digits in 8-4-4-4-12 format, defined in RFC 9562.

Is this UUID generator safe for production?

This tool uses crypto.getRandomValues(), the same cryptographically secure RNG as Web Crypto API. No UUID is sent to any server.

UUID Generator — v4 & v7 Bulk UUID Generator

When to Use a UUID Generator

UUIDs (Universally Unique Identifiers) are used as database primary keys (avoiding sequential ID guessing attacks), file names for uploaded assets, session tokens, idempotency keys in APIs, distributed system node identifiers, and anywhere a globally unique ID is needed without a central coordinator. UUID v4 (random) is the most widely used format, the probability of collision between two UUIDs is astronomically small (~1 in 5.3 × 10³⁶).

UUID Versions Explained

v1: Time-based + MAC address. Sortable by creation time, but leaks MAC address. Mostly legacy.

v3: MD5 hash of a namespace + name. Deterministic — same inputs always produce the same UUID.

v4: Random (cryptographically secure). Most common. Use when you just need a unique ID.

v5: SHA-1 hash of a namespace + name. Like v3 but uses SHA-1. Preferred over v3.

v7 (RFC 9562, 2024): Time-ordered random UUID — sortable like v1 but without MAC address leak. Ideal for database primary keys (better index performance than v4).

How the UUID Generator Works

Select a UUID version (v4 or v7), choose a quantity (1, 10, 50, or 100), toggle uppercase and hyphens, then click Generate. All randomness comes from the browser's built-in crypto.getRandomValues() — cryptographically secure and never sent to any server.

UUID v4 uses 122 bits of pure randomness. UUID v7 encodes the current Unix timestamp in the top 48 bits, making the identifier time-sortable — useful for database primary keys where insertion order matters (PostgreSQL, MySQL, SQLite). Both formats follow the same 8-4-4-4-12 hyphenated hex representation.

Reference

This tool implements UUID versions 4 and 7 as defined in RFC 9562 — A Universally Unique IDentifier (UUID) URN Namespace (May 2024, rfc-editor.org/rfc/rfc9562). RFC 9562 obsoletes RFC 4122 and introduces UUID versions 6, 7, and 8. Section 5.4 specifies UUID v4 and Section 5.7 specifies UUID v7.

What's here, and what's not

UUID v4 (random) and UUID v7 (time-ordered) generation in bulk quantities of 1, 10, 50, or 100. Formatting options: uppercase, strip hyphens. One-click copy per UUID and copy-all. Download as .txt for bulk use.

What isn't here: UUID v1 (MAC address + time), v2 (DCE Security), v3 (MD5 name-based), v5 (SHA-1 name-based), or v6 (reordered time). Those versions either expose MAC addresses (privacy concern), require a namespace URI input, or are rarely used in modern applications. UUID v4 and v7 cover the vast majority of practical use cases.

Frequently Asked Questions

What is a UUID?

A UUID (Universally Unique IDentifier) is a 128-bit label guaranteed to be unique across time and space. It is represented as 32 hexadecimal digits in a 8-4-4-4-12 format, e.g. 550e8400-e29b-41d4-a716-446655440000. Defined in RFC 9562, UUIDs are used as database primary keys, API identifiers, session tokens, and anywhere a globally unique ID is needed without central coordination.

What is the difference between UUID v4 and v7?

UUID v4 uses 122 bits of cryptographic randomness — no structure, no time component. UUID v7 encodes the current Unix timestamp in milliseconds in the first 48 bits, followed by random bits. This makes v7 UUIDs lexicographically sortable and more efficient as database primary keys (fewer index fragmentation issues). Use v7 for database PKs, v4 when you just need a random opaque ID.

Is this tool safe to use for production UUIDs?

Yes, for non-sensitive contexts. This tool uses crypto.getRandomValues(), the same cryptographically secure RNG used by Web Crypto API. No UUID is sent to any server. However, for production system UUIDs, generating them server-side in your application code (using uuid npm package or your language's stdlib) is the recommended practice.

Where is the UUID specification documented?

The authoritative specification is RFC 9562 — A Universally Unique IDentifier (UUID) URN Namespace, published by the IETF in May 2024. It is available at rfc-editor.org/rfc/rfc9562. RFC 9562 obsoletes RFC 4122 (2005) and adds UUID versions 6, 7, and 8.

What does the 'Version' and 'Variant' byte mean in a UUID?

In a UUID, the 13th hex digit (bits 48–51) encodes the version number — '4' for v4, '7' for v7. The 17th hex digit (bits 64–65) encodes the variant — '8', '9', 'a', or 'b' for RFC 9562 compliant UUIDs (binary 10xx). You can identify a UUID version by looking at these two positions: xxxxxxxx-xxxx-[version]xxx-[variant]xxx-xxxxxxxxxxxx.

Is UUID v4 safe to use as a database primary key?

Yes, with caveats. UUID v4 is safe for security (unpredictable) and uniqueness (collision probability negligible). The performance concern is index fragmentation: random UUIDs cause B-tree indexes to insert at random positions, leading to page splits and degraded write performance at large scale. Solutions: use UUID v7 (time-ordered), use ULID, or use a sequential UUID generated at the application layer. For most applications under millions of rows, v4 performance is fine.

What is the format of a UUID?

A UUID is 128 bits represented as 32 hexadecimal digits in 5 groups: xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx. The M digit indicates the version (4 for v4). The N digit is 8, 9, a, or b — indicating the variant. Example: 550e8400-e29b-41d4-a716-446655440000. The total number of possible v4 UUIDs is 2¹²² ≈ 5.3 × 10³⁶.

By Bam's Thinkery — Updated May 2, 2026