TextDeveloperConvertersGeneratorsBlogAboutContact

Base64 Encoding Explained in Plain English

By the Autonomiq Tech Editorial Team · Reviewed against our editorial standards · 5 min read · Last reviewed 2026

By the Autonomiq Tech · Reviewed against our editorial standards · 6 min read · Last reviewed 2026

What is a UUID?

A UUID is a 128-bit number typically represented as 32 hexadecimal digits grouped into 5 sections separated by hyphens, such as '550e8400-e29b-41d4-a716-446655440000'. The standard format is 8-4-4-4-12 hexadecimal characters, creating a 36-character string including hyphens.

UUIDs were standardized by the Open Software Foundation and are now defined in RFC 4122. The 128-bit space is so large that randomly generated UUIDs have an extremely low probability of collision even without any coordination system to track issuance.

UUID versions and their uses

There are several versions of UUIDs, each using different generation methods. The most commonly used versions are UUIDv1, UUIDv3, UUIDv4, and UUIDv5. Each version has specific characteristics that make it suitable for different scenarios.

Version 1 (time-based)

  1. Generated using the current timestamp and the MAC address of the generating computer.
  2. Provides inherent ordering because UUIDs generated later have larger timestamp values.
  3. Privacy concern: the MAC address reveals information about the generating machine.
  4. Useful when you need sortable IDs and can accept the privacy implications.

Version 3 (namespace-based MD5)

  1. Generated by hashing a namespace UUID and a name using MD5.
  2. The same name in the same namespace always produces the same UUID.
  3. MD5 is no longer considered cryptographically secure.
  4. Deterministic but MD5 means this version is now rarely recommended for new systems.

Version 4 (random)

  1. Generated using random or pseudo-random numbers.
  2. No meaningful information encoded, offering better privacy than v1.
  3. Most common version for general-purpose unique identifiers.
  4. 122 random bits with 6 fixed bits that indicate version and variant.

Version 5 (namespace-based SHA-1)

  1. Generated by hashing a namespace UUID and a name using SHA-1.
  2. Deterministic: same name and namespace always produce the same UUID.
  3. SHA-1 is stronger than MD5 but still not recommended for new cryptographic uses.
  4. Useful when you need reproducible IDs from stable inputs.

Probability of collision

The 128-bit UUID space contains approximately 3.4 × 10^38 possible values. The probability of accidental collision depends on how many UUIDs are generated. To have a 50% chance of collision, you would need to generate approximately 2.71 × 10^18 UUIDs—far more than any practical application would ever create.

In practice, random UUID version 4 collisions are so unlikely that most developers treat UUIDs as truly unique. For comparison, the chance of being struck by lightning in a given year is about 1 in 1,222,000, while a collision when generating 1 billion UUIDv4 values is still far less likely than that.

Common use cases for UUIDs

UUIDs are valuable in any scenario where you need globally unique identifiers without centralized coordination. Their uniqueness across different systems makes them ideal for distributed environments and data integration.

  1. Database primary keys, especially in distributed databases without a central sequence generator.
  2. REST API resource identifiers when you don't want to expose sequential database IDs.
  3. Session tokens and authentication identifiers to prevent predictability and enumeration.
  4. Tracking user actions or events where centralized ID assignment would be impractical.
  5. Microservice coordination where each service generates IDs independently.
  6. Distributed tracing and request correlation across multiple services.

UUIDs vs sequential integer IDs

Sequential integers are simpler, smaller, and provide natural ordering. However, they require coordination in distributed systems and can reveal information about system scale and growth rate through enumeration attacks. UUIDs solve these problems at the cost of larger size and lack of inherent ordering for random versions.

Database performance considerations differ between the two. Random UUIDs can cause index fragmentation because new values are inserted throughout the B-tree rather than at the end. Sequential UUIDs or ordered UUIDs like ULIDs (Universally Unique Lexicographically Sortable Identifiers) address this while maintaining uniqueness properties.

Generating UUIDs in programming languages

Most modern programming languages have built-in UUID generation. Python includes the uuid module in its standard library. JavaScript environments like Node.js provide the crypto.randomUUID() function in recent versions. Java has java.util.UUID, and most other languages have either built-in support or widely-used libraries.

Security considerations

Random UUIDs (version 4) are not designed as security tokens and should not be used for secrets like password reset tokens if stronger alternatives exist. While 122 random bits provide substantial space, dedicated cryptographic tokens with larger entropy pools may be more appropriate for high-security scenarios.

Version 1 UUIDs encode the MAC address of the generating machine, which could be used to track the source of UUIDs across different contexts. If privacy is a concern, prefer version 4 or use a version that doesn't include MAC addresses.

  1. Avoid using UUIDs as password reset tokens in high-security applications when possible.
  2. Be aware that version 1 UUIDs may reveal MAC address information.
  3. Use cryptographically secure random number generators for UUIDv4.
  4. Consider that UUIDs in URLs can be enumerated even if collisions are unlikely.
  5. For security-sensitive identifiers, consider using tokens designed specifically for security.

Summary

A UUID (Universally Unique Identifier) is a 128-bit identifier used to uniquely label information in computer systems. UUIDs are designed to be practically unique across space and time without requiring central coordination. They are widely used for database primary keys, distributed systems, and anywhere a unique identifier is needed without risk of collision.

Key Takeaways

  • UUIDs are 128-bit identifiers designed to be practically unique without central coordination.
  • Version 4 UUIDs are random and are the most common choice for general applications.
  • Version 1 UUIDs include timestamps and MAC addresses for better sorting but have privacy concerns.
  • UUIDs are useful for distributed systems, database keys, and REST API resource identifiers.
  • The probability of UUID collision is astronomically low but not theoretically impossible.

Frequently Asked Questions

q

a

q

a

q

a

q

a

Related Guides