NanoID vs UUID: which should I use?

Use UUID when you need a standardised, universally recognised format — a database column typed `uuid`, an interop contract with a system that expects RFC 9562, or time-ordered keys (UUID v7). Use NanoID when you want the ID to be shorter and URL-friendly without losing uniqueness. A default 21-char URL-safe NanoID has 126 bits of entropy versus UUID v4's 122, so the collision resistance is effectively identical, but the NanoID is 21 characters with no hyphens against UUID's 36. That difference matters in URLs, QR codes, and any fixed-width column. NanoID also lets you pick the alphabet and length; UUID is locked to hex and 128 bits.

Why is a NanoID shorter than a UUID but still safe?

Safety here means "hard to guess and astronomically unlikely to collide", and both come down to bits of entropy, not character count. A UUID v4 fixes 6 of its 128 bits for version/variant markers, leaving 122 random bits, and it always renders as 32 hex characters plus 4 hyphens. NanoID has no markers: every character is fully random, and its default 64-character URL-safe alphabet packs 6 bits per character. So 21 characters × 6 bits = 126 bits — more entropy than a UUID — in fewer characters, because hex only carries 4 bits per character while a 64-symbol alphabet carries 6.

How is the collision probability calculated?

It uses the birthday-bound approximation that backs NanoID's official collision calculator. With an alphabet of size A and length L, the total keyspace is N = A^L. The number of IDs you can generate before the probability of any collision reaches p is roughly n ≈ sqrt(2 · N · ln(1 / (1 - p))), which for a small p like 1% simplifies to about sqrt(2 · N · p). The panel reports that n, the keyspace N, the entropy in bits (L · log2(A)), and — if you give it a generation rate — divides n by the rate to estimate how long until a 1% collision becomes likely.

Can I customise the alphabet, and what should I avoid?

Yes — choose a preset (URL-safe, numbers, lowercase, hex) or paste any characters you like into the custom field. A common, useful custom set for human-typed codes is `ABCDEFGHJKLMNPQRSTUVWXYZ23456789`, which removes the easily-confused O/0, I/1, and l. Two things to watch: the tool deduplicates repeated characters so the keyspace math reflects the real alphabet, and you need at least 2 distinct characters or the generator has nothing to choose from. Smaller alphabets need longer IDs to hit the same entropy — the collision panel updates live so you can see the trade-off.

Generate short public IDs for URLs instead of leaking auto-increment integers

Exposing `/orders/1042` tells a competitor you have roughly a thousand orders and lets anyone walk `/orders/1043`, `/orders/1044`. Workflow: keep the integer primary key internal, add a `public_id` column, default it to a NanoID. Set the alphabet to URL-safe and the length to 12 (about 72 bits, more than enough for a per-table public handle). Generate a batch here, paste them into a seed migration, and your URLs become `/orders/V1StGXR8_Z5j` — unguessable and short enough to fit in a tweet. The collision readout confirms 12 chars survives billions of rows before the 1% mark.

Create database primary keys that beat UUID v4 on index bloat

UUID v4 is 36 characters and randomly distributed, which fragments a B-tree index. A 21-char URL-safe NanoID carries 126 bits of entropy — effectively the same uniqueness guarantee as a UUID's 122 — in 15 fewer bytes per row. Pick the URL-safe preset, leave length at 21, generate a sample, and verify the keyspace and "IDs until 1% collision" numbers against your projected write volume before you standardise on it. For append-friendly ordering you still want UUID v7, but for opaque keys NanoID is leaner.

Build human-readable coupon or invite codes with a no-confusion alphabet

A coupon code printed on a receipt gets typed back by a tired human, so `O` vs `0` and `l` vs `1` matter. Switch to the custom alphabet and paste `ABCDEFGHJKLMNPQRSTUVWXYZ23456789` (no O/0/I/1). Set length to 8 and generate 500 at once. The effective-size readout shows 32 characters, and the collision panel tells you 8 chars gives a ~40-bit keyspace — plenty for a few hundred thousand codes, and the math is right there so you do not over- or under-shoot the length.

Seed test fixtures and mock data with deterministic-length IDs

When you snapshot-test an API response, random UUIDs make the snapshot churn on every run. Generate a fixed batch of NanoIDs once, paste them into your fixtures file, and your snapshots stay stable. Use the numbers preset if your downstream parser is integer-ish, or hex if you are matching a `[0-9a-f]+` regex. Download the batch as a .txt and pipe it into your seed script.

Generate device or session tokens that fit a fixed-width column

IoT firmware and embedded logs often have a fixed-width identifier field — say exactly 16 characters. NanoID lets you nail the length precisely, unlike UUID's mandatory 32 hex digits + 4 hyphens. Set length to 16, URL-safe alphabet, copy a batch, and every token fits the column with 96 bits of entropy. The rate field lets you model "10,000 devices provisioning per second" and see when a collision becomes statistically plausible.

NanoID Generator

Generate URL-safe NanoIDs with a custom alphabet, adjustable length, and a live collision-probability readout — entirely in your browser.

Runs locally
Category Generator
Best for Starting from a blank page without committing to the first result.

Alphabet

Effective size: 64 chars

Length

Count

Generation rate (IDs/sec)

Collision probability

Entropy (bits per ID)

126.0

Total keyspace

8.51×10^37

IDs until ~1% collision

1.31×10^18

At this rate, ~1% collision after

41,465,643 years

Generated NanoIDs

Click Generate to produce NanoIDs.

Settings ride in the URL. The IDs themselves stay local.

What this tool does

A NanoID generator built for developers who want shorter, URL-safe unique identifiers without dragging in a dependency. NanoID is the modern, tiny alternative to UUID: the default 21-character URL-safe ID packs 126 bits of entropy — practically the same collision resistance as a UUID v4's 122 bits — in a string that is shorter, has no hyphens, and drops straight into a URL. This tool generates IDs with `crypto.getRandomValues` and the exact masking plus rejection-sampling algorithm the official `nanoid` package uses, so the distribution is unbiased and never falls back to the insecure `Math.random()`. Pick a preset alphabet (URL-safe, numbers, lowercase, or hex) or paste your own custom set — handy for no-confusion coupon codes that strip out O/0 and l/1. Tune the length from 2 to 256, batch-generate up to 1000 at once, copy a single ID or all of them, or download the batch as a .txt file. The live collision panel shows the entropy in bits, the total keyspace, how many IDs you can mint before a 1% collision becomes likely, and — given a generation rate you set — how long that would take. Your settings ride in a shareable URL while the generated IDs stay local and re-randomise on every click. Zero dependencies, zero server round-trips, 100% client-side.

Tool details

Input: Text + Numbers; The page exposes text boxes, numeric controls, file pickers, or structured inputs depending on the tool.
Output: Live result + Copy + Download; The result area focuses on usable output, with copy, download, or preview actions when supported.
Privacy: Browser-side processing; The main tool logic does not call an external API, so inputs normally stay in the current tab.
Save / share: Shareable URL state; Key settings are encoded in the URL so another person can reopen the same setup.
Performance budget: Initial JS <= 14 KB; No WASM budget is declared, keeping the tool quick to open on mobile.
Best fit: Generator · Developer; Category and role tags drive related tools, internal links, and quick fit checks.

How to use

1. Input

Paste or drop your content into the tool panel.
2. Process

Click the button. All processing is local in your browser.
3. Copy / Download

Copy the result or download to disk in one click.

How NanoID Generator fits into your work

Use it to get a strong first draft, starter asset, or structured output that you can edit before publishing.

Generation jobs

Starting from a blank page without committing to the first result.
Creating repeatable drafts, names, templates, or placeholder assets.
Exploring options before choosing the one that fits the job.

Generation checks

Review generated output before it reaches a customer, page, or document.
Change defaults when you need a specific brand voice, format, or audience.
Keep only the parts that match the real task.

Good next steps

These links move the current task into a more complete workflow.

Real-world use cases

Generate short public IDs for URLs instead of leaking auto-increment integers
Exposing `/orders/1042` tells a competitor you have roughly a thousand orders and lets anyone walk `/orders/1043`, `/orders/1044`. Workflow: keep the integer primary key internal, add a `public_id` column, default it to a NanoID. Set the alphabet to URL-safe and the length to 12 (about 72 bits, more than enough for a per-table public handle). Generate a batch here, paste them into a seed migration, and your URLs become `/orders/V1StGXR8_Z5j` — unguessable and short enough to fit in a tweet. The collision readout confirms 12 chars survives billions of rows before the 1% mark.
Create database primary keys that beat UUID v4 on index bloat
UUID v4 is 36 characters and randomly distributed, which fragments a B-tree index. A 21-char URL-safe NanoID carries 126 bits of entropy — effectively the same uniqueness guarantee as a UUID's 122 — in 15 fewer bytes per row. Pick the URL-safe preset, leave length at 21, generate a sample, and verify the keyspace and "IDs until 1% collision" numbers against your projected write volume before you standardise on it. For append-friendly ordering you still want UUID v7, but for opaque keys NanoID is leaner.
Build human-readable coupon or invite codes with a no-confusion alphabet
A coupon code printed on a receipt gets typed back by a tired human, so `O` vs `0` and `l` vs `1` matter. Switch to the custom alphabet and paste `ABCDEFGHJKLMNPQRSTUVWXYZ23456789` (no O/0/I/1). Set length to 8 and generate 500 at once. The effective-size readout shows 32 characters, and the collision panel tells you 8 chars gives a ~40-bit keyspace — plenty for a few hundred thousand codes, and the math is right there so you do not over- or under-shoot the length.
Seed test fixtures and mock data with deterministic-length IDs
When you snapshot-test an API response, random UUIDs make the snapshot churn on every run. Generate a fixed batch of NanoIDs once, paste them into your fixtures file, and your snapshots stay stable. Use the numbers preset if your downstream parser is integer-ish, or hex if you are matching a `[0-9a-f]+` regex. Download the batch as a .txt and pipe it into your seed script.
Generate device or session tokens that fit a fixed-width column
IoT firmware and embedded logs often have a fixed-width identifier field — say exactly 16 characters. NanoID lets you nail the length precisely, unlike UUID's mandatory 32 hex digits + 4 hyphens. Set length to 16, URL-safe alphabet, copy a batch, and every token fits the column with 96 bits of entropy. The rate field lets you model "10,000 devices provisioning per second" and see when a collision becomes statistically plausible.

Common pitfalls

Using `Math.random()` to roll your own NanoID. It is not cryptographically secure and is biased — attackers can predict the sequence, and some characters appear more often. This tool uses `crypto.getRandomValues` exclusively. If you copy the algorithm, copy the masking + rejection-sampling step too, not just the byte source.
Taking `randomByte % alphabet.length` to map bytes to characters. Modulo skews the distribution toward the first `256 % length` characters whenever the alphabet size is not a power of two. The correct approach (used here) is a bitmask plus discarding out-of-range values, so every character is equally likely.
Shrinking the length to make IDs prettier without checking the collision panel. Dropping from 21 to 6 characters with a 64-char alphabet cuts the keyspace from 10^37 to about 10^10 — a few hundred thousand IDs and you are already in collision territory. Read the 'IDs until 1% collision' number against your real volume before you trim.

Privacy

Every NanoID is generated locally with your browser's `crypto.getRandomValues`. No ID, alphabet, or count is ever sent to a server, logged, or analysed. There is one thing to know about sharing: your settings (length, alphabet, count, rate) ride in the URL query string so a shared link reproduces the exact configuration — but the generated IDs themselves are deliberately kept out of the URL and are re-randomised on every Generate click. So a "share link" reveals what kind of IDs you make, never the actual IDs. Treat any ID you generate here as a real secret if you use it as a token.

FAQ

Tool combos

Folks in your role tend to reach for these alongside this tool.

Developer

Browse all tools for this role

NanoID Generator

What this tool does

Tool details

How to use

1. Input

2. Process

3. Copy / Download

How NanoID Generator fits into your work

Generation jobs

Generation checks

Good next steps

Real-world use cases

Generate short public IDs for URLs instead of leaking auto-increment integers

Create database primary keys that beat UUID v4 on index bloat

Build human-readable coupon or invite codes with a no-confusion alphabet

Seed test fixtures and mock data with deterministic-length IDs

Generate device or session tokens that fit a fixed-width column

Common pitfalls

Privacy

FAQ

UUID Generator

Password Generator

Random Number Generator

Bcrypt Generator

URL Slug Generator

24-Point Solver & Game

Chinese Acupoint Locator

API Key Generator

Arabic 1100 Essential Words

ASCII Art Generator

Avatar Generator

Backup Codes Generator