UUID Collision — Is It Possible?

Published by UUID Generator Team

In theory, two UUIDs could be the same—a collision. In practice, with a proper random source and 122 random bits (v4) or 128 bits of entropy, the probability is so low that you can ignore it for normal applications.

Version 4 (Random)

Version 4 UUIDs use 122 bits of randomness (6 bits are fixed for version and variant). There are 2¹²² possible values. To have a 50% chance of one collision, you'd need to generate around 2.7×10¹⁸ UUIDs. That's billions of UUIDs per second for years. With a cryptographically secure RNG (crypto.getRandomValues / crypto.randomUUID), collisions are not a practical concern.

Version 1 and 7

v1 combines timestamp and node; v7 combines timestamp and random data. Collision risk is still negligible for realistic volumes as long as the random part is generated with a good RNG. Duplicates are only plausible if you generate huge numbers in the same millisecond with a broken or predictable generator.

When to Worry

Use a proper random source (e.g. crypto.randomUUID() or your platform's secure RNG). Avoid weak PRNGs or predictable seeds. For name-based UUIDs (v5), collisions only occur if the same namespace and name produce the same UUID—by design, that's the same logical entity. For storage, a unique constraint on the UUID column is still recommended to catch bugs, not because random collisions are likely.

Generate UUIDs with our generator or API; validate with our validator.

UUID v1 vs v4 vs v7 · When to use v4 vs v5 · Home