Open in app

Sign in

Write

Sign in

Mastodon

Understanding UUID: Purpose and Benefits of a Universal Unique Identifier

What is a UUID, what variants and versions exist, and for what specific purpose each version is suitable?

Michal Gasparik
8 min readJun 10, 2023

The abbreviation UUID stands for Universal Unique IDentifier, sometimes also referred to as GUID (Globally Unique IDentifier). It is a 128-bit integer used for data identification in computer systems. UUIDs are generated according to specific standards, which we will discuss, and they are designed to guarantee nearly absolute uniqueness.

Their uniqueness does not depend on coordination between specific parties that generate them. While their uniqueness is not zero, it approaches it so closely that the risk of duplication is highly negligible.

Therefore, anyone can generate a UUID for their identification needs, with the assurance that this UUID will not match the UUID identifying something else. UUIDs generated by independent parties can, for example, be merged into a single database without causing any duplicate identifiers when merging the data.

UUID uniqueness is not zero, but it approaches it so closely that the risk of duplication is highly negligible.

The earliest usage of UUIDs can be traced back to the 1980s when Apollo computers employed them in their computing systems. Subsequently, other organizations adopted UUIDs for similar purposes. During that time, UUIDs were typically 64 bits in length.

Photo by Lorenzo Herrera on Unsplash

UUID Format

UUID has a canonical form of 16 bytes represented as 32 hexadecimal digits (base-16), arranged in 5 groups separated by hyphens, namely 8–4–4–4–12, totaling 36 characters (32 alphanumeric characters and 4 hyphens). As a result, a UUID can appear, for example, like this:

8ca0fd81-fd03-438c-8730-c6c4e7ef4aa9

Two of the characters tell what version and UUID variant it is.

xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx

UUID Variants

Variant 0

This variant is designed for backward compatibility with the now-obsolete Apollo Network Computing System 1.5 UUID format developed around 1988, where the values of N range from 0 to 7.

Variant 1

This variant, known as RFC 4122/DCE 1.1 UUIDs or “Leach-Salz” UUIDs, is denoted by values of N ranging from 8 to b.

Variant 2

This variant, characterized in the RFC as “reserved, Microsoft Corporation backward compatibility,” is denoted by values N ranging from c to d. It was specifically utilized for early GUIDs on the Microsoft Windows platform.

Variant 3

This range, indicated by values of N from e to f, is currently reserved for future use.

UUID Versions

UUID Version 1 (time and node based)

These are the classical UUIDs, created out of a 60-bit system time, a 14-bit local clock sequence, and a 48-bit system MAC address. The MAC address can be either the real one of a physical network interface card (NIC) or a random multicast MAC address. Version 1 UUIDs are usually used as one-time global unique identifiers.

Visualization: time-based UUID 1 segments
Visualization: version and variant of UUID

These field names correspond to time-based UUIDs in version 1, but the canonical form of 8–4–4–4–12 is the same for all UUIDs regardless of their generation method.

Pros of UUID v1

Despite the inherent lack of uniqueness in MAC addresses, the risk of collisions in UUIDs remains relatively low. The probability of encountering duplicated UUIDs within the same network system is unlikely. Furthermore, the inclusion of a clock sequence provides an additional layer of protection against duplication.

Cons of UUID v1

Mainly anonymity, as the MAC address is directly encoded into the UUID, and the possibility to guess clock sequence, if an attacker knows the previous UUIDs, they can easily predict the next ones.

The recommendation is not to use this UUID for authorization purposes. It can pose a security risk, primarily due to its predictability.

UUID Version 2

It is not recommended to use. Many UUID implementations omit version 2 due to its shortcomings. In short — issues in the UUIDv2 generation scheme lead to collisions with other generated UUIDv2s.

UUID Version 3 (name-based, MD5)

These UUIDs, also known as name-based UUIDs, are generated by taking the 128-bit MD5 message digest of a concatenated string consisting of a 128-bit namespace UUID and a name string of any length. These UUIDs are commonly employed when there is a need for repeatable, yet non-unique, message digest identifiers.

“Pseudocode” for visualizing the generation of UUID version 3

uuid3 = md5(namespace + name)

You can read about the pros and cons of using UUID Version 3 below.

UUID Version 4 (random data-based) — The Most Popular

Are based on random numbers generated from a reliable source of randomness. The structure of a UUID Version 4 consists of 128 bits, represented by 32 hexadecimal digits. Unlike other versions that include specific components derived from certain inputs, UUID Version 4 relies solely on random numbers to create unique identifiers.

The primary advantage of UUID Version 4 lies in its randomness. Each generated UUID is statistically independent of any other UUID, making collisions highly unlikely. This property makes UUID Version 4 ideal for situations where uniqueness and unpredictability are crucial, such as in cryptographic applications or distributed systems.

Pros of UUID v4

Not require metadata. This type of UUID is completely random and anonymous. Nearly zero chance of UUID collision.

Cons of UUID v4

It does not contain any metadata, so in some cases, it may be difficult to discern the context.

UUID Version 5 (name-based, SHA-1)

These are UUIDs based on the 160-bit SHA-1 message digest of the concatenation of a 128-bit namespace UUID and a name string of arbitrary length. Version 5 UUIDs are usually used for non-unique but repeatable message digest identifiers.

“Pseudocode” for visualizing the generation of UUID version 5

uuid5 = sha1(namespace + name)

When to Use: UUIDv3 vs UUIDv5

Which version of UUID is appropriate to use in each case?

UUID v3

  • Optimal performance is crucial, especially when system resources are constrained
  • When it is not an issue that the original inputs for name and namespace may be known. (less secure MD5 hashing)

UUID v5

  • Performance doesn’t matter
  • You don’t want the original name and namespace to be known (much secure SHA-1 hashing)

Pros of UUID v3, UUID v5

No other version of UUID ensures that the input matches the output.

Cons of UUID v3, UUID v5

Not necessarily a negative, but they still contain both input and output and for maintaining maximum randomness, these versions are not suitable.

Special UUIDs

Nil UUID — The “nil” UUID is a unique case representing the UUID 00000000-0000-0000-0000-000000000000, where all the bits are set to zero.

Omni UUID — The “omni” UUID is a unique and special case represented by the UUID FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF, where every single bit is set to one.

Photo by Taylor Vick on Unsplash

Application UUID in the programming world

UUIDs have become an essential part of the programming world, offering a range of uses and benefits. Here are some common applications of UUIDs in programming.

Database Records

  • Frequent usage as primary keys or distinctive identifiers for database records. They offer a means to distinctly identify and refer to individual data entries, facilitating streamlined data management and retrieval processes.

Distributed Systems

  • In distributed systems where multiple nodes or services are involved, UUIDs serve as globally unique identifiers. They help in coordinating and synchronizing data across different components, ensuring consistency and avoiding conflicts.

Web Applications

  • These identifiers, such as session IDs, enable secure tracking and management of user sessions by the server. Moreover, they play a crucial role in generating distinct URLs or resource identifiers, guaranteeing resource uniqueness and availability.

Data Replication

  • A fundamental role is played by identifiers that ensure the accurate synchronization and integrity of data when replicating between databases or systems. These identifiers enable the identification and matching of corresponding records, ensuring precise alignment and preservation of data integrity.

Message Queues and Pub/Sub Systems

  • Valuable in message queues and publish-subscribe systems. They enable message or event tracking and identification, facilitating reliable message processing, ordering, and deduplication.

Testing and Mocking

  • Commonly used in software testing and mocking scenarios. They provide unique identifiers for test data, allowing developers to create realistic test environments and simulate various scenarios without conflicts.

Security and Access Control

  • Can be used in access control mechanisms, such as generating secure tokens or authorization keys. By using UUIDs, systems can ensure the uniqueness and randomness of generated keys, enhancing security and mitigating the risk of unauthorized access.

Conclusion

In summary, UUIDs find wide-ranging applications in the programming world, providing unique identifiers, facilitating data synchronization, enabling distributed systems, ensuring data integrity, and enhancing security. Their versatility and uniqueness make them invaluable tools for developers in various domains and programming paradigms.

Choosing the appropriate UUID version for your use case is crucial to ensure compatibility, uniqueness, and adherence to specific requirements. Whether you require time-based identifiers, secure hashing algorithms, or purely random values, understanding the characteristics and suitability of each UUID version is essential. Consider the unique needs of your application or system to make an informed decision and leverage the power of UUIDs effectively.

JavaScript and Native UUID Function

randomUUID() is a new method introduced in the ECMAScript 2021 (ES12) standard. It allows generating unique identifiers in the UUID v4 (random data-based).

Usage

The native randomUUID() function is available on the crypto object in environments that support the latest JavaScript standards (e.g., modern web browsers).

const uuid = crypto.randomUUID();
console.log(uuid);
3b241101-e2bb-4255-8caf-4136c566a962

UUID Generator Online

To generate some Nano IDs quickly, you can use the UUID Generator at https://www.devgyver.tech/uuid

Do you like UUID? Claps 👏, follow, and share on social media.

Are You Exploring Alternatives to UUID? Consider Nano ID for Your Project

https://medium.com/@gaspm/nano-id-popular-secure-and-url-friendly-unique-identifiers-1fa86c9fdf7c

Uuid
Programming
Programming Tips
JavaScript
Web Development

--

--

Michal Gasparik

Written by Michal Gasparik

35 Followers

Software Developer, focused on Frontend Development and Angular Framework.

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams