UUID v4
What is UUID v4?
UUID (Universally Unique Identifier) v4 is a 128-bit identifier generated using random values. It is defined in RFC 4122. A UUID v4 looks like:
550e8400-e29b-41d4-a716-446655440000
Of the 128 bits, 4 bits indicate the version (4) and 2-3 bits indicate the variant. This leaves 122 bits of randomness, giving 2122 possible UUIDs — about 5.3 × 1036.
Where UUIDs are used
UUIDs are widely used as identifiers in software:
- Database primary keys
- Request tracing IDs
- File names and resource identifiers
- Distributed system node IDs
- Session tokens and correlation IDs
Why a UUID is not a secret
While UUID v4 values are random and unique, they are not suitable as secrets for several reasons:
- UUIDs are often visible in URLs, logs, and databases
- The 122 bits of entropy is good for uniqueness but may not be enough for security tokens
- UUIDs have a recognizable format that makes them easy to identify
- Some UUID implementations may use weaker randomness sources
For secrets, use the Hex Generator or Base64 Generator with at least 256 bits (32 bytes) of entropy. For identifiers, UUIDs are perfect.