UUID generator and decoder (v4 and v7)

Examples

• Generate mode, version v4 (random), count 10.Generate 10 v4 UUIDs
• Generate mode, version v7 (time-ordered), count 100.Generate 100 v7 UUIDs to seed a table
• Validate mode. Paste the UUID and inspect version and variant.Validate a UUID copied from a log
• Decode mode. The tool shows ISO, local time and age.Extract the date from a v7 UUID

Frequently asked questions

What is the difference between UUID v4 and v7?

v4 is 128 bits of cryptographic randomness with four fixed version bits. It is the universal option when you only need a unique identifier and creation order does not matter. v7 reserves the 48 most significant bits for a Unix millisecond timestamp, so two UUIDs created seconds apart sort alphabetically in chronological order. v7 is recommended when you plan to use the UUID as a primary key in a relational database (Postgres, MySQL) because it improves B-tree index locality.

Does my data leave the browser?

No. Generation uses local Web Crypto API (`crypto.randomUUID` when available, fallback with `crypto.getRandomValues`). Neither the generated UUIDs nor the input you paste in Validate or Decode is sent to a server. Verify it by opening DevTools on the Network tab while using the tool.

Why no v1, v3, v5 or v6?

v1 leaks the issuer's timestamp + MAC, which I would rather not enable. v3 and v5 require namespace + name (a UUID derived by hashing another identifier), which adds complex UI without demonstrated demand in real queries. v6 is an experimental variant that predates v7 and is now obsolete. v8 is custom with no fixed semantics. v4 and v7 cover 95% of modern real usage.

Can I use a v4 UUID as a session secret or auth token?

A v4 UUID has 122 bits of cryptographic entropy, enough for a random token. But the canonical lowercase-with-dashes format is very recognizable: if it shows up in a log or URL, it screams its origin. For session secrets prefer `crypto.getRandomValues(new Uint8Array(32))` encoded in base64url (256 bits, no recognizable shape). For row or record identifiers, a v4 UUID is fine.

What about the node field in v1?

The node field is the last 48 bits of a v1 UUID. It originally carried the issuer's MAC, but RFC 9562 §5.1 explicitly allows randomizing it to avoid identity leaks. Many modern libraries (including `uuid` in Node) generate that field with random bytes. The tool shows the node field as hex and labels it accordingly so it does not imply it is always a real MAC.

Is my v7 UUID actually time-orderable?

Yes, lexicographically. The first 48 bits are a big-endian Unix ms timestamp, so for two v7 UUIDs generated at different moments, the more recent one is always greater alphabetically. This benefits B-tree indexes in databases (Postgres, MySQL): near-sequential inserts reduce fragmentation compared to v4. Within the same millisecond, ordering is random (the next bits are random).

What is the actual collision rate between v4 UUIDs?

With 122 effective bits, the probability of collision is astronomically low: you would need to generate billions of UUIDs per second for decades to see an appreciable chance. In practice, if your generator uses a cryptographic source (Web Crypto), collisions are not a risk to worry about. What can happen: sharing the same seed across machines (not applicable with Web Crypto) or reusing IDs due to bugs.

Can I paste UUIDs without dashes?

Yes. The tool accepts the 32 hex characters with or without dashes, uppercase or lowercase. It always normalizes to canonical lowercase with dashes on the output.