UUID Versions Explained: v1 vs v4 vs v7 — Which Should You Use?
UUIDs are everywhere in software development: database primary keys, API identifiers, session tokens, distributed system coordination. But not all UUIDs are created equal. Each version has different properties regarding randomness, sortability, privacy, and performance. This guide explains what you need to know to pick the right one.
What is a UUID?
A UUID (Universally Unique Identifier) is a 128-bit value designed to be unique across space and time without requiring a central coordinating authority. Standardized in RFC 9562 (which replaced the older RFC 4122 in 2024), UUIDs are displayed as 32 hexadecimal characters in a specific 8-4-4-4-12 format:
550e8400-e29b-41d4-a716-446655440000
^^^^^^^^ ^^^^ ^^^^ ^^^^ ^^^^^^^^^^^^
time-low mid hi var node
+verThe version number is encoded in the first nibble of the third group (bits 48-51). The variant field in the fourth group indicates which UUID specification the value conforms to. For the standard variant (RFC 9562), the first one or two bits of this field are 10 in binary, meaning it always starts with 8, 9, a, or b.
Need to generate UUIDs quickly? Use our free UUID generator to create v4 UUIDs instantly in your browser.
UUID Versions at a Glance
There are eight UUID versions defined in RFC 9562. In practice, three are commonly used: v1, v4, and the newer v7. Here is an overview of all versions:
| Version | Source | Sortable | Status |
|---|---|---|---|
| v1 | Timestamp + MAC address | Partially (reordered time bits) | Legacy, privacy concerns |
| v2 | Timestamp + MAC + DCE domain | No | Rarely used |
| v3 | MD5 hash of namespace + name | No | Use v5 instead (SHA-1) |
| v4 | 122 random bits | No | Most widely used |
| v5 | SHA-1 hash of namespace + name | No | Deterministic UUIDs |
| v6 | Reordered v1 timestamp | Yes | v7 preferred for new projects |
| v7 | Unix timestamp + random | Yes | Recommended for new projects |
| v8 | Custom / vendor-specific | Depends | Experimental |
UUID v1: Timestamp + MAC Address
UUID v1 combines a 60-bit timestamp (100-nanosecond intervals since October 15, 1582) with the 48-bit MAC address of the generating machine and a 14-bit clock sequence to handle rapid generation.
Example UUID v1: 6ba7b810-9dad-11d1-80b4-00c04fd430c8
^ ^^^^^^^^^^^^
version=1 MAC addressProblems with UUID v1
- Privacy risk: The MAC address reveals the generating machine's hardware identity
- Not naturally sortable: The timestamp bits are not in the most-significant position, so lexicographic sorting does not match chronological order
- Clock dependency: Requires a stable system clock; clock rollbacks can cause collisions
UUID v1 is still found in legacy systems (Cassandra, for example, has historically used time-based UUIDs) but should be avoided in new applications due to privacy concerns.
UUID v4: Random
UUID v4 is the most popular version. It fills 122 of its 128 bits with cryptographically random data (6 bits are reserved for version and variant). This makes v4 UUIDs simple, private, and unpredictable.
// Generate UUID v4 in JavaScript (modern)
const id = crypto.randomUUID();
// => "f47ac10b-58cc-4372-a567-0e02b2c3d479"
// ^ version = 4
// Generate UUID v4 in Python
import uuid
id = uuid.uuid4()
// => UUID('a3bb189e-8bf9-3888-9912-ace4e6543002')Strengths of UUID v4
- Privacy-safe: No embedded hardware or timestamp information
- Simple to generate: Only requires a good random number generator
- Widely supported: Available in every language and platform
- Unpredictable: Cannot guess adjacent IDs from a known ID
Weaknesses of UUID v4
- Not sortable: Random distribution causes B-tree index fragmentation in databases
- No timestamp: You cannot extract creation time from the ID
- Large: 16 bytes vs 8 bytes for a 64-bit integer
Generate UUID v4 values instantly with our UUID generator tool, which creates cryptographically random identifiers directly in your browser.
UUID v7: The Best of Both Worlds
UUID v7, introduced in RFC 9562 (2024), combines a 48-bit Unix timestamp in milliseconds with 74 bits of randomness. The timestamp occupies the most significant bits, making v7 UUIDs naturally sortable in chronological order.
UUID v7 structure (128 bits):
┌──────────────────────┬────┬──────────┬──┬───────────────────────┐
│ unix_ts_ms (48) │ver │ rand_a │va│ rand_b (62) │
│ │(4) │ (12) │(2)│ │
└──────────────────────┴────┴──────────┴──┴───────────────────────┘
Example: 018f6a7c-d1e0-7b3a-9c4d-8e2f1a3b5c7d
^^^^^^^^^^^ ^
timestamp version = 7Why UUID v7 is Recommended for New Projects
Database Performance
Sequential nature means B-tree indexes grow efficiently. Inserts are always at the end of the index, avoiding page splits and fragmentation. Benchmarks show 2-10x faster inserts compared to UUID v4 in PostgreSQL and MySQL at scale.
Built-in Timestamp
You can extract the creation time from the ID without a separate created_at column. Useful for debugging, auditing, and time-range queries.
Privacy-Safe
Unlike v1, no MAC address or hardware information is embedded. The random component prevents guessing adjacent IDs from a known timestamp.
Drop-in Replacement
Same 128-bit, 32-hex-character format as v4. Works with existing UUID columns, indexes, and application code without schema changes.
UUID v5: Deterministic, Name-Based
UUID v5 generates a consistent UUID from a namespace UUID and a name string by hashing them with SHA-1. The same inputs always produce the same UUID, making v5 ideal for generating stable identifiers from known data.
// UUID v5 from URL namespace
import { v5 as uuidv5 } from 'uuid';
const DNS_NAMESPACE = '6ba7b810-9dad-11d1-80b4-00c04fd430c8';
const id = uuidv5('example.com', DNS_NAMESPACE);
// Always produces: cfbff0d1-9375-5685-968c-48ce8b15ae17Use v5 when you need to generate the same UUID from the same input data consistently, such as creating deterministic IDs for content-addressable storage, URL-to-ID mapping, or deduplication systems.
Security Considerations
UUIDs are identifiers, not security tokens. Here is what to keep in mind:
UUIDs Are Not Secrets
Even UUID v4 with 122 random bits should not be used as the sole authentication mechanism. While guessing a specific UUID is impractical, UUIDs are often logged, transmitted in URLs, and stored in databases without encryption. Use proper authentication tokens (JWTs, API keys with HMAC) for security.
v1 Leaks Information
UUID v1 exposes the generating machine's MAC address and the exact creation timestamp. This can reveal infrastructure details to attackers. Always use v4 or v7 for externally-visible identifiers.
v7 Reveals Timing
UUID v7 embeds a millisecond timestamp. If your application requires that creation time not be visible to clients, use v4 instead or do not expose the UUID externally. For most applications, the timestamp is not sensitive information.
Which UUID Version Should You Use?
Use UUID v7 For:
- - Database primary keys (best performance)
- - Event sourcing and audit logs
- - Distributed systems needing time ordering
- - Any new project starting in 2024+
Use UUID v4 For:
- - Session tokens and nonce values
- - Cases where timestamp must not leak
- - Existing systems already using v4
- - Simple scripts and prototypes
Use UUID v5 when you need deterministic IDs derived from known inputs. Avoid UUID v1 in new applications. Use our UUID generator to create UUIDs instantly for testing and development.
Storing UUIDs in Databases
How you store UUIDs significantly impacts query performance and storage size:
-- PostgreSQL: Native UUID type (16 bytes, optimized)
CREATE TABLE users (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
name TEXT NOT NULL
);
-- MySQL 8.0+: BINARY(16) for performance
CREATE TABLE users (
id BINARY(16) PRIMARY KEY,
name VARCHAR(255) NOT NULL
);
-- Use UUID_TO_BIN() and BIN_TO_UUID() for conversion
-- Avoid: VARCHAR(36) — wastes 36 bytes vs 16 bytes
-- and prevents binary comparison optimizationsAlways store UUIDs in native UUID or BINARY(16) columns. Never use VARCHAR(36) in production because it doubles storage requirements and slows index lookups due to character-by-character comparison instead of binary comparison.
Generate UUIDs for Your Project
Understanding UUID versions helps you make informed decisions about identifiers in your applications. For new projects, UUID v7 offers the best combination of uniqueness, sortability, and database performance. For existing systems, UUID v4 remains an excellent choice that is supported everywhere.
Bookmark our UUID generator for quick access whenever you need identifiers for testing or development. Explore our other developer tools including a JSON formatter and Base64 encoder.
Try the UUID Generator
Generate UUID v4 values instantly in your browser. Copy with one click and use them in your code, tests, or database seeds.
Open UUID GeneratorFrequently Asked Questions
What is the difference between a UUID and a GUID?
UUID (Universally Unique Identifier) and GUID (Globally Unique Identifier) are the same thing. UUID is the term used in the IETF specification (RFC 9562), while GUID is Microsoft's terminology. They follow the same format: 32 hexadecimal digits displayed in five groups separated by hyphens (e.g., 550e8400-e29b-41d4-a716-446655440000).
Is UUID v4 truly random and unique?
UUID v4 uses 122 bits of randomness, producing 5.3 x 10^36 possible values. The probability of generating two identical UUIDs is astronomically low — you would need to generate 2.71 quintillion UUIDs to have a 50% chance of a single collision. For all practical purposes, they are unique. However, the quality depends on the random number generator used.
Why is UUID v7 better for databases than v4?
UUID v7 embeds a Unix timestamp in its first 48 bits, making the values roughly sortable by creation time. This is critical for database performance because B-tree indexes work efficiently with sequential or nearly-sequential values. UUID v4's random values cause index fragmentation, leading to slower inserts and larger index sizes, especially at scale.
Can someone extract my MAC address from a UUID v1?
Yes. UUID v1 includes the MAC address of the generating machine in its last 48 bits (the node field). This is a privacy and security concern because it reveals hardware identity and can be used for device tracking. This is one of the primary reasons UUID v4 and v7 are preferred in modern applications.
Should I use UUIDs or auto-increment integers for primary keys?
It depends on your requirements. UUIDs are better for distributed systems, microservices, and client-generated IDs because they do not require coordination. Auto-increment integers are smaller (8 bytes vs 16 bytes), faster for joins, and more human-readable. UUID v7 offers a good middle ground: globally unique like UUIDs, but sortable like auto-increment IDs.
How do I generate a UUID in JavaScript?
In modern browsers and Node.js 19+, use crypto.randomUUID() which returns a UUID v4 string. For older environments, use the 'uuid' npm package: import { v4 as uuidv4 } from 'uuid'. For quick one-off generation, use an online UUID generator tool. Never use Math.random() to generate UUIDs as it lacks sufficient entropy.
What is the format of a UUID string?
A UUID is a 128-bit value displayed as 32 hexadecimal characters in five groups separated by hyphens: 8-4-4-4-12. For example: 550e8400-e29b-41d4-a716-446655440000. The version number is encoded in the first digit of the third group (the '4' in the example indicates UUID v4). The variant is encoded in the first digit of the fourth group.