Generate NanoID

A short random string sampled from a URL-safe 64-character alphabet — the default 21-character length gives ~126 bits of entropy, the same collision resistance as a UUID in a much smaller footprint.

Browser extensions can read all data on this page. Use a private/incognito window with extensions disabled.

Generated · 0 IDs

Options

Quantity

Length

Alphabet

URL-safe (default) A–Z a–z 0–9 _ -

Alphanumeric A–Z a–z 0–9

Lowercase a–z 0–9

Numbers 0–9 only

Custom… Pick your own characters

All zeros, for testing and defaults

This ID

Length 21 chars

Bits ~126 (21 × 6.0 bits/char from a 64-char alphabet)

Collision risk negligible

Features

URL-safe

Collision

1% collision chance after ≈ 1,307,660,520,276,544,031 IDs

Random part 126 random bits

Counted together Same alphabet and length

NanoID is pure randomness: no timestamp, no counter, no generator fingerprint. The estimate updates with length and alphabet because those options define the random space.

Validate and parse NanoID

Paste an ID

Paste NanoID

About NanoID

Use when: you need a short, URL-safe random ID — share links, slugs, public-facing tokens. Same collision resistance as a UUID in 21 characters instead of 36.

Avoid when: you need IDs that sort by creation time. NanoID has no time component.

How it is generated

A NanoID has no structure at all — every character is an independent uniform draw from the chosen alphabet. No timestamp, no counter, no fingerprint, no version bits.

The default 21 characters from the URL-safe 64-character alphabet gives ~126 bits of entropy, the same collision resistance as a UUID v4 in roughly half the length. You can swap the alphabet or length to trade entropy against compactness.

The one important detail is unbiased sampling: a naive `random % alphabet.length` skews the distribution unless 256 is a multiple of the alphabet size. Rejection sampling fixes that.

01 Compute the threshold max = floor(256 / N) × N, where N is the alphabet length.
02 Pull a byte from crypto.getRandomValues.
03 If the byte is ≥ max, discard it and pull another. Otherwise append alphabet[byte mod N] to the output.
04 Repeat until the output has the requested length.

V1StGXR8_Z5jdHi6B-myT      (default: 21 chars, URL-safe alphabet)
└─────────┬─────────┘
          └── every char is an independent uniform draw from the
              alphabet, sampled via rejection from a CSPRNG.
              No timestamp, no counter, no fingerprint.

Entropy = length × log2(|alphabet|)
          21 × 6 ≈ 126 bits for the 64-char URL-safe default

Built-in alphabets:
  URL-safe       ABCDEFGHIJKLMNOPQRSTUVWXYZ
                 abcdefghijklmnopqrstuvwxyz
                 0123456789_-                (64 chars, ~6.0 bits/char)
  Alphanumeric   A-Z a-z 0-9                 (62 chars, ~5.95 bits/char)
  Lowercase      a-z 0-9                     (36 chars, ~5.17 bits/char)
  Numbers        0-9                         (10 chars, ~3.32 bits/char)

All of this runs in your browser. Random bytes come from crypto.getRandomValues, timestamps come from the system clock, and nothing about the generated ID leaves the tab.