Generate UUID v2

A 128-bit DCE Security variant of UUID v1 where the low 32 bits encode a POSIX UID or GID and one byte of the clock sequence carries the local domain (person, group, or org).

Browser extensions can read all data on this page. Use a private/incognito window with extensions disabled.

Result

Options

Format
Case
Local domain
32-bit POSIX UID/GID value embedded in the first field.

This ID

Length 36 chars
Bits 128 (DCE-encoded local domain · UID/GID · time)
Collision risk low
Watch out
Embeds generator fingerprint Legacy

Collision

1% collision chance after ≈ 13,455,510 generators in one roughly 7-minute bucket
Random part 53 random bits
Counted together Same local ID and domain in one roughly 7-minute bucket

UUID v2 overwrites the fast-changing part of the v1 timestamp with the local ID, so this page shows one value for a given input set. Across page sessions, only the randomized node and remaining clock-sequence bits separate matching inputs in the same coarse time bucket.

Validate and parse UUID v2

Paste an ID

About UUID v2

Use when: you must integrate with a legacy DCE/POSIX system that explicitly requires v2.

Avoid when: you have any choice. RFC 9562 §5.2 allocates v2 to DCE Security UUIDs but explicitly places their definition outside its scope, and most libraries do not implement it.

How it is generated

A v2 UUID is structurally a v1, but the low 32 bits of the timestamp are sacrificed to carry a POSIX user or group ID, and one byte of the clock sequence is replaced by a domain code.

The practical effect: the timestamp only updates every ~7 minutes (since the low 32 bits no longer encode time), and consecutive v2 IDs minted with the same UID and domain look almost identical. Most libraries don’t implement v2 at all.

  1. 01 Start from a freshly generated v1 UUID.
  2. 02 Overwrite bytes 0–3 with a 32-bit POSIX UID or GID (the "local identifier"), big-endian.
  3. 03 Overwrite byte 9 (clock_seq_low) with the local domain: 0 = person, 1 = group, 2 = org.
  4. 04 Re-stamp the high nibble of byte 6 to 0010 (version 2). Leave the variant bits in byte 8 alone.
  5. 05 Hex-encode and insert dashes as for v1.
LLLLLLLL-xxxx-Mxxx-NxDD-xxxxxxxxxxxx
└──┬───┘ └─┬┘ └─┬┘ └─┬┘ └────┬─────┘
   │       │    │    │       └── 48-bit node (random multicast in this impl)
   │       │    │    └────────── DD = local domain (byte 9: 0/1/2)
   │       │    └─────────────── time_hi + version (M = "2")
   │       └──────────────────── time_mid (16 bits)
   └────────────────────────── 32-bit POSIX UID/GID (replaces time_low)

All of this runs in your browser. Random bytes come from crypto.getRandomValues, timestamps come from the system clock, and nothing about the generated ID leaves the tab.

YouShallNotPass.io

Practical security tools. We never see your secrets. Open source. No accounts. No tracking.

Support YouShallNotPass.io by starring us on GitHub and sharing it with coworkers and friends.

Sister sites

© 2026 YouShallNotPass.io