Monday, September 8th, 2008

UUID Generator in JavaScript

Category: JavaScript

Robert Kieffer didn’t like any UUID generators out there, so decided to create a lightweight randomUUID.js script. It creates RFC 4122-compliant ids:

The practice is probably a little different. The uniqueness depends on how random the numbers generated by Math.random() are. Generating truly random numbers is a notoriously tricky problem, solved in different (imperfect) ways across browser platforms and OSes.  It’s difficult to say for sure what the real-world uniqueness of these numbers ends up being, but I suspect it’s more than sufficient for most purposes.  Regardless, this is a weakness that all javascript UUID generators will be subject to, unless they rely on an externally-provided unique value.  For example, one could use AJAX to fetch UUIDs generated by a site like, but that has it’s own set of issues.

/* randomUUID.js – Version 1.0
* Copyright 2008, Robert Kieffer
* This software is made available under the terms of the Open Software License
* v3.0 (available here: )
* The latest version of this file can be found at:
* For more information, or to comment on this, please go to:

* Create and return a “version 4” RFC-4122 UUID string.
function randomUUID() {
var s = [], itoh = ‘0123456789ABCDEF’;

// Make array of random hex digits. The UUID only has 32 digits in it, but we
// allocate an extra items to make room for the ‘-‘s we’ll be inserting.
for (var i = 0; i < 36; i++) s[i] = Math.floor(Math.random()*0x10); // Conform to RFC-4122, section 4.4 s[14] = 4; // Set 4 high bits of time_high field to version s[19] = (s[19] & 0x3) | 0x8; // Specify 2 high bits of clock sequence // Convert to hex chars for (var i = 0; i < 36; i++) s[i] = itoh[s[i]]; // Insert '-'s s[8] = s[13] = s[18] = s[23] = '-'; return s.join(''); } [/javascript]

Posted by Dion Almaer at 8:52 am

3.2 rating from 30 votes


Comments feed TrackBack URI

I don’t understand the importance of true randomness in a UUID. Isn’t the whole point that the value will never be generated again by any generator at any time? Wouldn’t some degree of predictability *help* meet that goal?

Comment by trav1m — September 9, 2008

@trav1m: The importance of random number generation comes from it’s use as a substitute for unique state. As long as you have state that you know to be unique, that you can use as a starting point for UUID creation, than a deterministic process will give you IDs that you can guarantee to be unique. This is how “version 1” UUIDs work – they are built using a combination of MAC address, timestamps, and counters. The result is UUIDs that are guaranteed to be unique across all devices that have MAC addresses.

But sometimes you don’t have unique state to use as a starting point, as is the case in JavaScript. We don’t know the system’s MAC address or anything else that is sufficiently unique for our purposes. So instead we use state that we hope is unique – randomly generated numbers – to produce “version 4” UUIDs. As long as there is a sufficient degree of randomness, the odds of picking the same UUID are so astronomically low that we can essentially guarantee uniqueness for all but the most insanely picky requirements. (See my original blog post for details).

There is a catch, however, and that is that Math.random() typically relies on a pseudo-RNG algorithm. If you really want to get nit-picky about how unique the UUIDs we’re generating are, than you need to look at the quality of the algorithm and how it is seeded. But that’s really getting into microscopic hair-splitting, IMHO.

Comment by broofa — September 14, 2008

Note that the code presented here is out of date and doesn’t work in IE6 and I believe IE7.

Check broofa’s site for the most up to date:

Comment by michaelsharman — March 4, 2009

Leave a comment

You must be logged in to post a comment.