When should I use CUID2 vs UUID?

CUID2 produces shorter IDs that are still URL-safe and collision-resistant. Choose CUID2 when IDs are user-visible (URLs, API responses) and length matters. Use UUID when you need a universally standardized format with maximum random entropy.

Roughly but not precisely. CUID2 embeds a timestamp but also adds randomness, so IDs generated in the same millisecond are not deterministically ordered. For strict time-ordering, use ULID or UUID v7 instead.

Is CUID2 safe to expose in public URLs?

Yes — CUID2 does not contain server fingerprint or sequential counter information (unlike the original CUID). It is safe to use as public record IDs without exposing creation order or infrastructure details.

CUID2 Generator | DevTools Surf

DevTools Surf

About CUID2 Generator

CUID2 Generator preview - Generators tool

Generate CUID2 identifiers with timestamps. Part of the DevTools Surf developer suite. Browse more tools in the Generators collection.

Use Cases

Generate shorter collision-resistant IDs for URLs and slugs
Create unique record identifiers for client-side generated data
Use as session tokens that are sortable but non-sequential
Assign unique IDs to entities in distributed systems without coordination

Tips

CUID2 IDs are 24 characters by default — shorter than UUIDs but still collision-resistant for most use cases
Use the length adjuster to generate shorter IDs for human-facing URLs or longer IDs for higher-entropy requirements
CUID2 IDs are lexicographically sortable by default because they embed a monotonic timestamp component

Fun Facts

CUID2 was designed by Eric Elliott in 2022 as a successor to CUID (Collision-resistant Unique IDentifier). The original CUID was found to have fingerprinting vulnerabilities — the machine-specific component could identify the server that generated the ID.
Unlike UUID v4 which uses only random bits, CUID2 uses a combination of timestamp, a per-session counter, browser fingerprint (client-side), and random salt — making it resistant to both collisions and brute-force enumeration of adjacent IDs.
The ID collision probability for CUID2 at the default 24-character length is approximately 1 in 100 trillion per session — compared to UUID v4's 1 in 5.3 * 10^36 per generated ID. CUID2 trades some collision resistance for shorter, safer IDs.

FAQ

When should I use CUID2 vs UUID?: CUID2 produces shorter IDs that are still URL-safe and collision-resistant. Choose CUID2 when IDs are user-visible (URLs, API responses) and length matters. Use UUID when you need a universally standardized format with maximum random entropy.
Is CUID2 sortable?: Roughly but not precisely. CUID2 embeds a timestamp but also adds randomness, so IDs generated in the same millisecond are not deterministically ordered. For strict time-ordering, use ULID or UUID v7 instead.
Is CUID2 safe to expose in public URLs?: Yes — CUID2 does not contain server fingerprint or sequential counter information (unlike the original CUID). It is safe to use as public record IDs without exposing creation order or infrastructure details.

Related Generators Tools

UUID Generator ULID Generator Password Generator cURL to Code Cron Expression Parser SQL Formatter GraphQL Formatter JSON Schema Generator