UUID: Trivia and Tips
A companion to the basic UUID page: quick intuition on collisions, sortable alternatives, formatting/encoding, privacy concerns, validation, and handy commands.
🎯 Collision Intuition
Use birthday-paradox intuition to judge risk by bit-length and scale.
UUIDv4 scale of risk
| Count generated | Collision probability (rough) |
|---|---|
| 10^6 | ≈ 0 |
| 10^9 | ≈ 0 (theoretical ~1e-18) |
| 10^12 | Theoretical ~1e-12; in practice still pair with a unique constraint. |
Operational notes
- 🧠 UUID alone is not a mathematical guarantee; enforce uniqueness in storage.
- 🧠 Truncating hashes/IDs raises collision risk proportional to remaining bits (birthday bound).
📈 Time-Ordering and Alternatives
When you need order-friendly IDs, consider these.
Comparison
| Format | Trait | Good for |
|---|---|---|
| UUIDv4 | Pure random; not sortable by time. | General random IDs. |
| UUIDv7 (draft) | Timestamp + randomness; mostly time-ordered. | DB indexes, logs needing order. |
| ULID | Timestamp + Base32; human-readable, sortable. | URLs/logs where readability matters. |
| KSUID | Timestamp + 160-bit random; higher collision resistance. | Ordered IDs with extra safety. |
GUID vs UUID
- ℹ️ GUID is the MS term; format is effectively UUID.
- ℹ️ Normalize case/hyphens to reduce confusion across systems.
✍️ Formatting and Encoding
Set a normalization rule to avoid ambiguity.
Variations
- 🔤 Hyphenated vs not, upper vs lower; pick one and document it.
- 🔤 URN form: `urn:uuid:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx` is sometimes used.
- 🔤 For shorter forms, encode as Base32/Base64url/Base58—agree on one encoding.
Storage tips
- 💾 For speed, store as BINARY(16) and render as string on output; if storing as text, normalize to lowercase with hyphens.
🕶️ Privacy and RNG Quality
Avoid leaking clues or using weak randomness.
Avoid
- 🚫 UUIDv1 exposes MAC/time; not suitable for public IDs. Use random-node variants if you must use v1.
- 🚫 Non-CSPRNG generators make UUIDs guessable; rely on vetted libraries.
🧪 Validation and Operations
Validate beyond shape when ingesting UUIDs.
Checklist
- ✔️ Check version (first hex of 3rd block) and variant, not just regex shape.
- ✔️ Normalize hyphen/case before storing/comparing.
- ✔️ Watch for encoding mishaps (`%` or `+`) when passed via URLs.
🛠️ Handy Commands
Quick ways to generate/transform.
Examples
- 💻 `uuidgen` for v4 (some environments emit v1).
- 💻 `python - <<'PY'\nimport uuid; print(uuid.uuid4())\nPY`
- 💻 `node -e \"console.log(crypto.randomUUID())\"`
- 💻 Remove hyphens: `uuidgen | tr -d \"-\"`