UUID Generator

UUID stands for Universally Unique Identifier—a 128-bit number formatted as a 36-character string that identifies something uniquely across all systems worldwide. The format is 8-4-4-4-12 hexadecimal digits separated by hyphens, like f47ac10b-58cc-4372-a567-0e02b2c3d479. It was standardized in RFC 4122 and adopted across the software industry. UUIDs solve the problem of generating unique IDs without requiring a central authority to coordinate them. They're used for database keys, document IDs, session tokens, and anywhere else uniqueness matters. The key feature is that you can generate UUIDs independently on different systems and still be virtually certain they'll never collide.

UUID v1 generates identifiers using timestamp and machine MAC address. This makes them time-sortable and includes information about when and where they were created—but raises privacy concerns since the MAC can be traced to specific hardware. UUID v4 uses cryptographically random numbers for all bits except a few reserved ones, making them completely random and non-traceable. Most modern applications use v4 because it's simpler, doesn't expose system information, and provides sufficient uniqueness. v1 has historical value for debugging (you can extract timestamp from the UUID) and certain distributed systems that benefit from time-ordering. v4 is the default choice for new projects.

Technically yes—UUIDs are not guaranteed to be unique, just probabilistically unique. With 122 random bits (v4), there are 5.3 × 10^36 possible UUIDs. The probability of generating a duplicate in a set of n UUIDs is approximately n²/(2×2^122). For context, generating a billion UUIDs per second for 85 years gives you about 2.7 × 10^16 UUIDs—and the chance of one duplicate in that set is about 1 in 2.7 × 10^20. Basically, the probability is so infinitesimally small that for all practical purposes, UUIDs are unique. You're more likely to be hit by a meteor while winning the lottery twice in a row than to generate a duplicate UUID.

There's no functional difference—GUID (Globally Unique Identifier) is simply Microsoft's name for the same thing. UUID is the international standard defined in RFC 4122, while GUID is what Microsoft called their implementation. Windows uses GUID terminology in its APIs and documentation, but internally it follows the same UUID standard. Most systems accept both terms interchangeably, and libraries often convert between them automatically. You might see "GUID" in older Windows documentation or legacy systems, while "UUID" is more common in cross-platform and web development. They're the same 128-bit identifier in the same 8-4-4-4-12 format.

Use UUIDs as primary keys when you need distributed ID generation (multiple servers creating records independently), when you merge databases or share data across systems, when IDs might be exposed in URLs (UUIDs don't reveal sequence or count), or when you need to generate IDs before inserting into the database. They're essential for microservices, event sourcing, and distributed systems. However, consider the tradeoffs: UUIDs are larger than integers (36 vs 4 bytes), can impact database performance for very high-write scenarios, and aren't naturally sortable by creation time (unless you use UUID v1 or a time-sortable variant like K-Sortable IDs). For simple single-server applications, auto-incrementing integers often work fine.

UUID v4 generates 122 bits of randomness using a cryptographically secure random number generator. The remaining 6 bits are fixed values that identify the UUID as version 4. Specifically, the third segment starts with "4" (version 4), and the fourth segment starts with "8", "9", "a", or "b" (variant bits). The randomness comes from the operating system's CSPRNG (cryptographically secure pseudo-random number generator)—on modern systems this is typically from /dev/urandom on Unix or CryptGenRandom on Windows. This randomness is what guarantees uniqueness. Weak random number generators could theoretically produce collisions, but FluxToolkit uses the browser's secure random API.

RFC 4122 specifies UUIDs in lowercase hexadecimal, but virtually all systems accept uppercase as well. UUIDs are often stored and displayed in lowercase for readability, but the underlying 128-bit value is the same regardless of case. Most databases normalize UUIDs to lowercase when storing them. Some systems (particularly certain MySQL configurations) may behave inconsistently with mixed case. For maximum compatibility, use lowercase consistently. The hexadecimal characters a-f can be written as either upper or lower case—the number 10 can be written as either "a" or "A", and both represent the same value.

In a UUID like f47ac10b-58cc-4372-a567-0e02b2c3d479, each section has meaning. The first three segments (f47ac10b-58cc-4372) contain the version and variant bits plus either timestamp/MAC (v1) or random bits (v4). The fourth segment (a567) contains more random bits plus the variant identifier. The fifth segment (0e02b2c3d479) is entirely random. The hyphens are just visual separators—the 32 hex digits are actually a continuous 128-bit number. For v4 UUIDs, the "4" in the third segment's first position marks it as version 4, and the "a" in the fourth segment's first position marks it as the correct variant for RFC 4122 compliance.