Reliability guide

UUID Collision Probability

Understand how unlikely UUID collisions are, what causes real duplicate ID incidents, and how to design safer systems.

UUID collision risk is usually discussed with giant numbers, but the engineering lesson is simple: correctly generated UUID v4 values almost never collide in normal systems. Bad generators, retries and data workflows cause more real problems.

Key takeaways

  • UUID v4 has 122 random bits after version and variant bits.
  • Correct randomness matters more than memorizing probability trivia.
  • Still keep database uniqueness constraints.

Why UUID v4 collisions are so rare

UUID v4 has 122 bits available for randomness. That is an enormous space. The birthday problem means collision risk grows as you generate more values, but the practical risk remains tiny for ordinary application volumes when randomness is strong.

The important phrase is "when randomness is strong." A broken random number generator changes the whole story.

UUID v4 random space: about 2^122 possible values

What causes duplicate IDs in real systems

Real duplicate incidents often come from boring causes: a test fixture copied into production, a migration run twice, a mocked generator returning the same value, or a fallback that used weak randomness.

That is why production tables should still enforce uniqueness. UUID probability is not a replacement for a unique index.

How UUID v7 changes the conversation

UUID v7 spends part of the identifier on timestamp ordering and uses random bits for the rest. A good implementation still makes collisions extremely unlikely, while offering better time sorting than random UUID v4.

If you generate a very high number of IDs in the same millisecond, implementation quality matters. Use reviewed libraries or database functions instead of improvising.

Practical safety checklist

Use platform crypto APIs, keep unique constraints in the database, avoid global mocked IDs in tests, and monitor insert failures. If a duplicate ever appears, treat it as a signal to inspect the generator and workflow rather than shrugging at probability.

RiskBetter habit
Weak randomnessUse crypto-grade random bytes
No uniqueness constraintAdd unique indexes or primary keys
Copied fixturesGenerate stable but distinct fixture IDs
Improvised v7 logicUse reviewed code for high-volume generation

FAQ

UUID Collision Probability questions

Can UUIDs collide?

Yes in theory. With correctly generated UUID v4 values, collisions are so unlikely that system bugs are usually a bigger practical risk.

Do I still need a unique index?

Yes. Always let the database enforce uniqueness for identifiers that must be unique.

Are UUID v7 collisions more likely than UUID v4?

A good UUID v7 implementation still has enough randomness for practical uniqueness. Implementation quality matters, especially at very high generation rates.

UUID Collision Probability - How Unique Are UUIDs?