UUID (Universal Unique Identifier)

What is UUID?

A UUID (Universal Unique Identifier) is a 128-bit value used to uniquely identify an object or entity on the internet. Depending on the specific mechanisms used, a UUID is either guaranteed to be different or is, at least, extremely likely to be different from any other UUID generated until A.D. 3400.

UUIDs can be generated to refer to almost anything imaginable. For example, they can identify databases, system instances, primary keys, Bluetooth profiles or objects with short lifetimes.

UUID is a term analogous to GUID. Originally, GUID referred to a variant of UUID used by Microsoft, but the terms became synonymous in the RFC 4122 specification. UUID was standardized by the Open Software Foundation (OSF), becoming a part of the Distributed Computing Environment (DCE). Different versions of UUID follow the RFC 4122 specification.

UUIDs are generated using an algorithm based on a timestamp and other factors such as the network address. Free tools to generate UUIDs include UUIDTools or Online UUID Generator.

How does UUID work?

The UUID relies on a combination of components to ensure uniqueness. UUIDs are constructed in a sequence of digits equal to 128 bits. The ID is in hexadecimal digits, meaning it uses the numbers 0 through 9 and letters A through F. The hexadecimal digits are grouped as 32 hexadecimal characters with four hyphens: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX. The number of characters per hyphen is 8-4-4-4-12. The last section of four, or the N position, indicates the format and encoding in either one to three bits.

As an example, UUIDs based around time have segments that are divided by hyphens that signify low, mid and mid time and version as different timestamps used to identify the UID. The digits under the last section, the node, denote the MAC address.

The structure of a UUID
This image shows how a UUID is structured.

There are three variants of UUID:

  • Variant 0. This variant is reserved for backward compatibility with the obsolete Apollo Network Computing System from the late 1980s. It has a similar construction to the version 1 UUIDs used today.
  • Variant 1. Variant 1 is the main variant used today. These variants are referred to as RFC 4122/DCE 1.1 UUIDs, or Leach-Salz UUIDs after the authors of the Internet Engineering Task Force working document defining UUID specifications. As an example, GUIDs are variant 1 UUIDs.
  • Variant 2. Variant 2 is reserved for Microsoft backward compatibility. Even though many of the GUIDs Microsoft uses are variant 1 UUIDs, early GUIDs on the Windows platform used variant 2. The difference between variants 1 and 2 is the number of bits in the N position. Variant 1 UUIDs use two bits, while variant 2 UUIDs use three bits.

UUID versions

The current variant of UUID, variant 1, consists of five different versions. These versions differ in how they are constructed. Types of UUIDs include:

  • Version 1. This version is generated from a specified time and node It is a time stamp-based unique host identifier.
  • Version 2. This version is generated similarly to version 1, however, less significant bits are replaced. Namely, eight bits of the clock sequence are replaced by a local domain number and 32 bits of the timestamp are replaced with the number for the specified local domain. These are reserved for DCE Security UUIDs.
  • Version 3. This version is generated by hashing both a namespace identifier and a name. Versions 3 and 5 are constructed similarly; however, version 3 uses message-digest algorithm 5 (MD5) as the hashing algorithm.
  • Version 4. This version of UUID is generated randomly. Although the random UUID uses random bytes, four bits are used to indicate version 4, while two to three bits are used to indicate the variant. These can be created using a random or pseudo-random number generator. More bits are used in this version, so there are fewer UUID combinations. However, there are still enough UUID combinations to avoid the possibility of a collision.
  • Version 5. Version 5 is generated the same way as version 3. However, it is generated using Secure Hash Algorithm 1, or SHA-1, as opposed to MD5, which version 3 uses for hashing. Versions 3 and 5 are well suited for use as unique identifiers for information and data within a namespace of a system.

An extra version of UUID, and a special case, is the Nil UUID. This UUID contains all zeros for integers.

UUID collisions

A collision is when the same UUID is generated more than one time and is assigned to different objects. Even though it is possible, the 128-bit value is extremely unlikely to be repeated by any other UUID. The possibility is close enough to zero, for all practical purposes, that it is negligible. Even in version 4 UUIDs, where there are fewer UUID combinations, the chance of a collision is low enough to be ignored.

This was last updated in August 2021

Continue Reading About UUID (Universal Unique Identifier)

Dig Deeper on Enterprise architecture management

Software Quality
Cloud Computing