CUID2 Generator

Generate CUID2 (collision-resistant unique ID v2) identifiers — short, safe, and optimized for URLs, databases and distributed systems.

Generates CUID2: collision-resistant IDs that are safe for URLs.


CUID2 — collision-resistant, privacy-friendly IDs

CUID2 stands for Collision-resistant Unique IDentifier, version 2. It was designed by JavaScript author Eric Elliott and released in 2022 as a successor to the original CUID (2012), which was deprecated because parts of its structure were predictable enough to leak server fingerprints and rough creation times. CUID2 fixes that by hashing every internal input before it surfaces in the final string.

Each CUID2 is exactly 24 characters, all lowercase, drawn from [a-z0-9]. The first character is always a letter — that single decision makes the ID safe to drop into URLs (no leading digits to confuse routers or CSS selectors) and into databases that distinguish identifiers from numbers. A typical sample looks like tz4a98xxat96iws9zmbrgj3a.

Internal structure

Even though only 24 characters are exposed, the generator mixes five inputs:

  • Letter prefix — 1 random lowercase letter, guarantees the URL/CSS friendliness above.
  • Timestamp — current millisecond clock, fed only into the hash so it is not directly readable.
  • Session counter — monotonically incremented per generator instance, prevents intra-process collisions if the system clock stands still.
  • Random component — pulled from the platform's CSPRNG (crypto.getRandomValues in the browser).
  • Client fingerprint — a hashed mix of environment hints (host, process id, user agent), again only fed into the hash.

All five inputs are concatenated and hashed with SHA3, then truncated to 23 characters and appended after the letter prefix. SHA3 was chosen because it is both collision-resistant and pre-image resistant — knowing the output gives an attacker no useful information about any of the inputs. The collision probability stays below 50% well past 10^36 generated IDs, far beyond anything a real system will ever produce.

CUID2 vs UUID v4 / UUID v7 / ULID

  • Length — CUID2 is 24 chars; UUID is 36 chars with dashes (32 without). CUID2 is noticeably shorter in URLs and database indexes.
  • Privacy — CUID2 is hash-based and reveals no creation time, machine identity or sequence. UUID v7 and ULID are timestamp-prefixed and therefore do leak when an ID was created (and the order of creation) — a frequent topic on Hacker News when teams realise they accidentally exposed user signup timing.
  • Sortability — UUID v7 and ULID are lexicographically sortable by creation time, which is great for index locality and time-series queries. CUID2 deliberately is not — that is the privacy trade-off.
  • Start character — CUID2 always starts with a letter; UUIDs can start with any hex digit.
  • Performance — CUID2 is slower than UUID v4 because it pays for a SHA3 hash per ID (on the order of microseconds), but that cost is invisible in any I/O-bound application.
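
Added example (not part of the original page or of @paralleldrive/cuid2): the privacy difference in the comparison above, shown by classifying a public ID by shape and decoding the creation time that UUID v7 and ULID embed. The function names are assumptions; the UUID v7 sample is the RFC 9562 test vector, the ULID is the seed-time example from the ULID spec, the CUID2 is this page's sample, and the UUID v4 is constructed.

```javascript
const CROCKFORD = '0123456789ABCDEFGHJKMNPQRSTVWXYZ';
const UUID_RE = /^([0-9a-f]{8})-([0-9a-f]{4})-([0-9a-f])[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
const ULID_RE = /^[0-7][0-9A-HJKMNP-TV-Z]{25}$/i;
const CUID2_RE = /^[a-z][a-z0-9]{23}$/; // the 24-character shape described on this page

// The first 10 Crockford base32 characters of a ULID are a 48-bit millisecond timestamp.
function decodeUlidTime(ulid) {
  let ms = 0;
  for (const ch of ulid.slice(0, 10).toUpperCase()) {
    ms = ms * 32 + CROCKFORD.indexOf(ch); // stays below 2^50, exact in a JS number
  }
  return ms;
}

// Returns the detected format and the creation time (ms since epoch) readable from the ID,
// or null when this function finds none.
function auditPublicId(id) {
  const uuid = UUID_RE.exec(id);
  if (uuid) {
    const version = parseInt(uuid[3], 16);
    if (version === 7) {
      // UUID v7: the first 48 bits (12 hex digits) are Unix time in milliseconds.
      return { format: 'uuidv7', createdAtMs: parseInt(uuid[1] + uuid[2], 16) };
    }
    // Only v7 is decoded here; v1 and v6 also embed a time but are outside this comparison.
    return { format: `uuidv${version}`, createdAtMs: null };
  }
  if (ULID_RE.test(id)) return { format: 'ulid', createdAtMs: decodeUlidTime(id) };
  // A shape match only: nothing in the string proves which generator produced it.
  if (CUID2_RE.test(id)) return { format: 'cuid2-shaped', createdAtMs: null };
  return { format: 'unknown', createdAtMs: null };
}

// Sample IDs (sources listed in the lead-in; the UUID v4 is constructed).
const SAMPLES = [
  '017f22e2-79b0-7cc3-98c4-dc0c0c07398f', // UUID v7
  '01ARYZ6S41TSV4RRFFQ69G5FAV',           // ULID
  '3f2b8c1e-9d4a-4f6b-8a1c-5e7d9b2c4a6f', // UUID v4
  'tz4a98xxat96iws9zmbrgj3a',             // CUID2
];
for (const id of SAMPLES) {
  const r = auditPublicId(id);
  const when = r.createdAtMs === null ? 'no creation time' : new Date(r.createdAtMs).toISOString();
  console.log(`${id}  ${r.format}  ${when}`);
}
```

Running the same function over the IDs an API already returns in URLs or responses shows which of them disclose record creation times to any client.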

When to use CUID2 — and when not to

Use CUID2 for primary keys in distributed databases, public IDs in URLs (where you do not want to leak signup time), event-sourcing identifiers, idempotency keys, and any place where the ID is going to appear in a customer-visible string. The official reference implementation is @paralleldrive/cuid2 for JavaScript/TypeScript, with community ports in Python, Rust, Go and Elixir.

Avoid CUID2 when you need IDs sortable by creation time (use ULID or UUID v7 instead), when interoperating with systems that expect a canonical 8-4-4-4-12 UUID layout, or when storage is so tight that 24 vs 16 bytes (binary UUID) makes a measurable difference at billions of rows.

FAQ

Is CUID2 deterministic? No. The random component and the session counter guarantee that two CUID2s generated in the same millisecond on the same machine are still different.

Can I put a CUID2 in a URL or filename? Yes — it only contains lowercase letters and digits, so no encoding is needed. It is also case-insensitive and copy-paste safe.

Is it slower than UUID v4? A little. The SHA3 hash costs a handful of microseconds per ID. In practice this is negligible compared with the database insert that follows.

Will two services ever generate the same CUID2? The math says no with absurdly high probability — the design targets the 50% collision threshold around 10^36 IDs, more than every grain of sand on Earth squared.

Does this tool send my IDs to a server? No. Generation happens entirely in the browser using crypto.getRandomValues for entropy. Nothing is transmitted.
