Nanoid Generator
Generate secure, URL-friendly unique IDs using the nanoid algorithm for databases and applications.
Generator Settings
Collision Stats
Alphabet Size
64
1% Collision at 1k/s
~207 million years
Generated Nanoids
Click "Generate Nanoids" to create new IDs
About Nanoid
Nanoid is a tiny, secure, URL-friendly unique string ID generator. It uses cryptographically strong random values and is more compact than UUID.
- Smaller than UUID (21 chars vs 36)
- URL-friendly (no special characters by default)
- Cryptographically secure
- Customizable alphabet and length
Comparison with UUID
550e8400-e29b-41d4-a716-446655440000V1StGXR8_Z5jdHi6B-myTHow the Nanoid Generator Works
This nanoid generator uses the browser's built-in Web Crypto API (crypto.getRandomValues) to produce cryptographically secure unique identifiers entirely in your browser. No data is transmitted to any server, making it completely safe for generating IDs you plan to use in real production systems.
When you click Generate Nanoids, the tool creates a Uint8Array of random bytes equal to the requested ID length. Each byte value is then reduced modulo the alphabet size to select a character from the chosen character set. Those characters are concatenated in sequence to form one complete nanoid. This process repeats for however many IDs you requested (up to 100 at once).
The generator offers eight built-in alphabets plus a fully custom option:
- Default — 64 characters: digits, uppercase, lowercase, underscore, and hyphen (
0-9A-Za-z_-). This is the standard nanoid alphabet used by the official library. - Alphanumeric — 62 characters: digits, uppercase, lowercase (
0-9A-Za-z). Ideal when underscores and hyphens must be excluded. - Lowercase — 26 characters (
a-z). Useful for case-insensitive systems or human-readable codes. - Uppercase — 26 characters (
A-Z). Mirror of lowercase for systems that prefer capitals. - Numbers — 10 characters (
0-9). Produces a purely numeric token such as a PIN or OTP skeleton. - Hexadecimal — 16 characters (
0-9a-f). Matches the format expected by systems that work with hex digests. - URL Safe — 66 characters: digits, uppercase, lowercase, hyphen, dot, underscore, tilde (
0-9A-Za-z-._~). Every character survives a URL without percent-encoding. - Custom — You supply any character set. The generator uses only those characters, giving full control over the output alphabet.
The ID length slider ranges from 8 to 64 characters, and the default of 21 is deliberately chosen to match the security level of UUID v4 while using fewer characters. You can generate up to 100 IDs per click and copy them individually or all at once.
ID Generation Formula
Where:
- id[i]= The i-th character of the generated nanoid
- alphabet= The array of characters in the chosen character set (e.g., 64 chars for default)
- randomByte[i]= A cryptographically random byte (0–255) from crypto.getRandomValues(Uint8Array)
- mod= Modulo operation — selects an index within the alphabet bounds
- alphabetSize= Number of distinct characters in the chosen alphabet (e.g., 64 for default, 16 for hex)
Understanding Collision Probability
One of the most important properties of any unique ID system is how likely it is that two independently generated IDs will be identical — a collision. The nanoid generator displays a real-time collision estimate based on the Birthday Paradox approximation, assuming IDs are generated at a rate of 1,000 per second.
The collision probability calculation proceeds in three steps. First, the total number of possible distinct IDs is computed as alphabetSize ^ length. For the default settings (64-character alphabet, length 21), this equals 6421 ≈ 9.2 × 1037 possible combinations. Second, the birthday paradox approximation estimates the number of IDs you must generate before there is roughly a 1% chance of any two being identical: that threshold is approximately √(totalCombinations / 2). Third, dividing that threshold by the generation rate (1,000 per second × 31,536,000 seconds per year) converts it to years.
For the default nanoid configuration this yields a collision horizon of over a billion years, which the tool reports as "Practically impossible." Shorter IDs or smaller alphabets dramatically reduce this safety margin. For example, a 10-character numeric-only ID (1010 combinations) reaches its 1% collision threshold in under a second at 1,000 IDs/s.
| Alphabet | Size | Length 21 | Collision horizon (1k/s) |
|---|---|---|---|
| Default (0-9A-Za-z_-) | 64 | 21 | Practically impossible |
| Alphanumeric (0-9A-Za-z) | 62 | 21 | Practically impossible |
| Hex (0-9a-f) | 16 | 21 | ~billions of years |
| Numbers (0-9) | 10 | 21 | ~millions of years |
| Numbers (0-9) | 10 | 10 | <1 second |
This makes the collision probability display an invaluable sanity check when configuring a custom alphabet or shorter length for a specific use case.
Nanoid vs UUID: Key Differences
UUID (Universally Unique Identifier) v4 has been the default choice for unique IDs in databases and APIs for decades. Nanoid was designed to solve several practical shortcomings of UUID while delivering equivalent or better security guarantees.
| Property | UUID v4 | Nanoid (default) |
|---|---|---|
| Character count | 36 (with dashes) | 21 |
| Entropy (bits) | 122 | ~126 |
| URL-safe by default | No (contains hyphens, fixed format) | Yes |
| Customizable alphabet | No | Yes |
| Standard format | RFC 4122 | None (flexible) |
| Database index performance | Poor (long string with dashes) | Better (shorter, no dashes) |
| Human readability | Recognizable format but long | Compact but opaque |
The key insight is that nanoid achieves slightly more entropy than UUID v4 in fewer characters by using a 64-character alphabet instead of hex. This makes nanoids better suited for URLs, database primary keys, and any context where string length matters for storage or display. UUID remains the right choice when you need RFC 4122 compliance or system interoperability with tools that specifically parse UUID format.
Choosing the Right Alphabet
The alphabet you choose determines both the security strength and the compatibility of your generated IDs. Selecting an appropriate alphabet requires balancing three factors: the entropy needed, the systems that will store or transmit the ID, and any human-readability requirements.
Default (64 chars): Use this for general application IDs, session tokens, file names, and any context where the ID will not appear in a URL path segment. The underscore and hyphen characters are both URL-safe in most positions but can cause issues in certain regex or command-line contexts.
Alphanumeric (62 chars): The safest all-around choice when you need broad compatibility. Works in URLs, HTML attributes, JSON keys, SQL columns, and shell scripts without any escaping. Loses only a tiny amount of entropy compared to the default alphabet.
Lowercase (26 chars): Best when the receiving system is case-insensitive — for example, generating short readable codes for humans to type, or producing IDs that must work identically in case-insensitive databases or file systems (like NTFS on Windows).
Hex (16 chars): Appropriate when your system expects hex-format identifiers, such as cryptographic hash identifiers, color codes, or compatibility with tools that parse hex strings. At 21 characters the entropy is still substantial but noticeably lower than the default alphabet.
URL Safe (66 chars): All characters are defined as unreserved in RFC 3986, so these IDs can appear anywhere in a URL — path, query string, or fragment — without percent-encoding. Slightly larger than the default alphabet due to the addition of dot and tilde.
Custom: When you have very specific requirements — for example, generating activation codes that exclude ambiguous characters like 0, O, 1, and l — a custom alphabet gives you precise control. Enter exactly the characters you want; each unique character in your input becomes part of the alphabet.
Common Use Cases for Nanoid
Nanoids are a practical alternative to UUID in a wide range of software development and system design scenarios. Their compact size, URL-friendliness, and cryptographic security make them versatile identifiers that fit naturally into modern application architectures.
Database primary keys: Replacing auto-increment integers with nanoids decouples ID generation from the database, enabling distributed systems to generate valid IDs without coordination. Short nanoids also reduce storage overhead and improve index readability compared to UUID strings.
URL shorteners and slug generation: A short nanoid (8–12 characters, alphanumeric alphabet) provides billions of possible slugs while staying compact enough to share comfortably. The URL-safe character set ensures no percent-encoding complications.
Session tokens and CSRF tokens: Security-critical tokens need high entropy and unpredictability. A 32-character default nanoid provides over 192 bits of entropy — well above the 128-bit minimum recommended for session identifiers.
File and asset naming: Uploaded files often need unique names to avoid collisions and prevent enumeration attacks. Nanoids provide both properties while keeping filenames short enough to display cleanly in admin UIs.
Correlation IDs and trace IDs: In microservice architectures, a short nanoid added to each request as a correlation ID allows logs from multiple services to be joined without the overhead of a full UUID.
One-time codes and invite links: Using a shorter nanoid (10–16 characters) with the alphanumeric alphabet generates invitation tokens and password reset links that are long enough to be secure but short enough to include in a printed email without line-wrapping issues.
Worked Examples
Default 21-Character Nanoid
Problem:
Generate a single nanoid using the default 64-character alphabet at the standard length of 21 characters.
Solution Steps:
- 1Set the ID length slider to 21 (the default position).
- 2Select 'Default (A-Za-z0-9_-)' from the Alphabet dropdown — this gives an alphabet of 64 characters.
- 3Set Number of IDs to 1 and click Generate Nanoids.
- 4The generator fills a Uint8Array of 21 random bytes. For each byte, it computes byte % 64 to get an index, then looks up that index in '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_-'.
- 5Example result: V1StGXR8_Z5jdHi6B-myT — 21 characters, URL-friendly, ~126 bits of entropy.
Result:
A 21-character nanoid with ~126 bits of entropy. The collision probability at 1,000 IDs per second exceeds 1 billion years.
Short Hex ID for Internal Reference
Problem:
A system needs a compact 12-character hex identifier for internal log correlation where UUID format is not required.
Solution Steps:
- 1Set the ID length slider to 12.
- 2Select 'Hexadecimal (0-9a-f)' from the Alphabet dropdown — alphabet size = 16 characters.
- 3Set Number of IDs to 5 to generate a batch for testing.
- 4Click Generate Nanoids. For each of the 12 positions, the generator computes randomByte % 16 to select from '0123456789abcdef'.
- 5Total combinations = 16^12 = 281,474,976,710,656 (~2.8 × 10^14). Birthday paradox threshold at 1k/s ≈ √(2.8×10^14 / 2) / (1000 × 31536000) ≈ 9 years.
Result:
Five 12-character hex IDs such as '3f9a2c1b04e7'. Suitable for internal references where collision risk over a 9-year horizon at 1k/s is acceptable.
Human-Readable Invite Code
Problem:
An application needs 8-character invite codes using only uppercase letters and digits, suitable for users to type manually.
Solution Steps:
- 1Select 'Custom Alphabet' from the Alphabet dropdown.
- 2Enter '23456789ABCDEFGHJKLMNPQRSTUVWXYZ' in the Custom Alphabet field — 32 characters excluding ambiguous characters 0, 1, I, O.
- 3Set the ID length slider to 8.
- 4Click Generate Nanoids. Each position is filled by randomByte % 32, selecting from the 32-character custom alphabet.
- 5Total combinations = 32^8 = 1,099,511,627,776 (~1.1 × 10^12). At 1k/s, the collision horizon is approximately 18 years.
Result:
An 8-character invite code such as 'K7M3XRZP' — easy to type, no ambiguous characters, and collision-safe for a typical invite system lifespan.
Tips & Best Practices
- ✓Use the default 21-character length with the default alphabet for any general-purpose application ID — it exceeds UUID entropy in fewer characters.
- ✓For URLs, use the Alphanumeric or URL Safe alphabet to ensure IDs never need percent-encoding in path segments or query strings.
- ✓Generate multiple IDs at once using the Number of IDs input and click 'Copy All' to paste them directly into a migration script or seed file.
- ✓When building invite or activation codes that users must type manually, use a Custom Alphabet that removes visually ambiguous characters such as 0, O, 1, I, and l.
- ✓Check the Collision Stats panel whenever you reduce the length or switch to a smaller alphabet — the collision horizon drops exponentially with shorter IDs.
- ✓For security tokens (session IDs, CSRF tokens, password reset links), use at least 32 characters with the default or alphanumeric alphabet to get well over 128 bits of entropy.
- ✓Power-of-two alphabet sizes (16 for hex, 32, 64) eliminate modulo bias entirely, giving perfectly uniform character distribution across all positions.
- ✓Nanoids with the URL Safe alphabet can be used directly in HTML id attributes, JSON keys, and filenames without any sanitization step.
Frequently Asked Questions
Sources & References
Last updated: 2026-06-05
Help us improve!
How would you rate the Nanoid Generator?
Editorial Note
MyCalcBuddy Editorial Team
This page is maintained as an educational calculator reference.
Formula Source: Standard Mathematical References
by Various