Nanoid Generator

Generate secure, URL-friendly unique IDs using the nanoid algorithm for databases and applications.

Generator Settings

821 (Default)64

Collision Stats

Alphabet Size

64

1% Collision at 1k/s

~207 million years

Generated Nanoids

Click "Generate Nanoids" to create new IDs

About Nanoid

Nanoid is a tiny, secure, URL-friendly unique string ID generator. It uses cryptographically strong random values and is more compact than UUID.

  • Smaller than UUID (21 chars vs 36)
  • URL-friendly (no special characters by default)
  • Cryptographically secure
  • Customizable alphabet and length

Comparison with UUID

UUID:550e8400-e29b-41d4-a716-446655440000
Nanoid:V1StGXR8_Z5jdHi6B-myT

How the Nanoid Generator Works

This nanoid generator uses the browser's built-in Web Crypto API (crypto.getRandomValues) to produce cryptographically secure unique identifiers entirely in your browser. No data is transmitted to any server, making it completely safe for generating IDs you plan to use in real production systems.

When you click Generate Nanoids, the tool creates a Uint8Array of random bytes equal to the requested ID length. Each byte value is then reduced modulo the alphabet size to select a character from the chosen character set. Those characters are concatenated in sequence to form one complete nanoid. This process repeats for however many IDs you requested (up to 100 at once).

The generator offers eight built-in alphabets plus a fully custom option:

  • Default — 64 characters: digits, uppercase, lowercase, underscore, and hyphen (0-9A-Za-z_-). This is the standard nanoid alphabet used by the official library.
  • Alphanumeric — 62 characters: digits, uppercase, lowercase (0-9A-Za-z). Ideal when underscores and hyphens must be excluded.
  • Lowercase — 26 characters (a-z). Useful for case-insensitive systems or human-readable codes.
  • Uppercase — 26 characters (A-Z). Mirror of lowercase for systems that prefer capitals.
  • Numbers — 10 characters (0-9). Produces a purely numeric token such as a PIN or OTP skeleton.
  • Hexadecimal — 16 characters (0-9a-f). Matches the format expected by systems that work with hex digests.
  • URL Safe — 66 characters: digits, uppercase, lowercase, hyphen, dot, underscore, tilde (0-9A-Za-z-._~). Every character survives a URL without percent-encoding.
  • Custom — You supply any character set. The generator uses only those characters, giving full control over the output alphabet.

The ID length slider ranges from 8 to 64 characters, and the default of 21 is deliberately chosen to match the security level of UUID v4 while using fewer characters. You can generate up to 100 IDs per click and copy them individually or all at once.

ID Generation Formula

id[i] = alphabet[ randomByte[i] mod alphabetSize ]

Where:

  • id[i]= The i-th character of the generated nanoid
  • alphabet= The array of characters in the chosen character set (e.g., 64 chars for default)
  • randomByte[i]= A cryptographically random byte (0–255) from crypto.getRandomValues(Uint8Array)
  • mod= Modulo operation — selects an index within the alphabet bounds
  • alphabetSize= Number of distinct characters in the chosen alphabet (e.g., 64 for default, 16 for hex)

Understanding Collision Probability

One of the most important properties of any unique ID system is how likely it is that two independently generated IDs will be identical — a collision. The nanoid generator displays a real-time collision estimate based on the Birthday Paradox approximation, assuming IDs are generated at a rate of 1,000 per second.

The collision probability calculation proceeds in three steps. First, the total number of possible distinct IDs is computed as alphabetSize ^ length. For the default settings (64-character alphabet, length 21), this equals 6421 ≈ 9.2 × 1037 possible combinations. Second, the birthday paradox approximation estimates the number of IDs you must generate before there is roughly a 1% chance of any two being identical: that threshold is approximately √(totalCombinations / 2). Third, dividing that threshold by the generation rate (1,000 per second × 31,536,000 seconds per year) converts it to years.

For the default nanoid configuration this yields a collision horizon of over a billion years, which the tool reports as "Practically impossible." Shorter IDs or smaller alphabets dramatically reduce this safety margin. For example, a 10-character numeric-only ID (1010 combinations) reaches its 1% collision threshold in under a second at 1,000 IDs/s.

Alphabet Size Length 21 Collision horizon (1k/s)
Default (0-9A-Za-z_-) 64 21 Practically impossible
Alphanumeric (0-9A-Za-z) 62 21 Practically impossible
Hex (0-9a-f) 16 21 ~billions of years
Numbers (0-9) 10 21 ~millions of years
Numbers (0-9) 10 10 <1 second

This makes the collision probability display an invaluable sanity check when configuring a custom alphabet or shorter length for a specific use case.

Nanoid vs UUID: Key Differences

UUID (Universally Unique Identifier) v4 has been the default choice for unique IDs in databases and APIs for decades. Nanoid was designed to solve several practical shortcomings of UUID while delivering equivalent or better security guarantees.

Property UUID v4 Nanoid (default)
Character count 36 (with dashes) 21
Entropy (bits) 122 ~126
URL-safe by default No (contains hyphens, fixed format) Yes
Customizable alphabet No Yes
Standard format RFC 4122 None (flexible)
Database index performance Poor (long string with dashes) Better (shorter, no dashes)
Human readability Recognizable format but long Compact but opaque

The key insight is that nanoid achieves slightly more entropy than UUID v4 in fewer characters by using a 64-character alphabet instead of hex. This makes nanoids better suited for URLs, database primary keys, and any context where string length matters for storage or display. UUID remains the right choice when you need RFC 4122 compliance or system interoperability with tools that specifically parse UUID format.

Choosing the Right Alphabet

The alphabet you choose determines both the security strength and the compatibility of your generated IDs. Selecting an appropriate alphabet requires balancing three factors: the entropy needed, the systems that will store or transmit the ID, and any human-readability requirements.

Default (64 chars): Use this for general application IDs, session tokens, file names, and any context where the ID will not appear in a URL path segment. The underscore and hyphen characters are both URL-safe in most positions but can cause issues in certain regex or command-line contexts.

Alphanumeric (62 chars): The safest all-around choice when you need broad compatibility. Works in URLs, HTML attributes, JSON keys, SQL columns, and shell scripts without any escaping. Loses only a tiny amount of entropy compared to the default alphabet.

Lowercase (26 chars): Best when the receiving system is case-insensitive — for example, generating short readable codes for humans to type, or producing IDs that must work identically in case-insensitive databases or file systems (like NTFS on Windows).

Hex (16 chars): Appropriate when your system expects hex-format identifiers, such as cryptographic hash identifiers, color codes, or compatibility with tools that parse hex strings. At 21 characters the entropy is still substantial but noticeably lower than the default alphabet.

URL Safe (66 chars): All characters are defined as unreserved in RFC 3986, so these IDs can appear anywhere in a URL — path, query string, or fragment — without percent-encoding. Slightly larger than the default alphabet due to the addition of dot and tilde.

Custom: When you have very specific requirements — for example, generating activation codes that exclude ambiguous characters like 0, O, 1, and l — a custom alphabet gives you precise control. Enter exactly the characters you want; each unique character in your input becomes part of the alphabet.

Common Use Cases for Nanoid

Nanoids are a practical alternative to UUID in a wide range of software development and system design scenarios. Their compact size, URL-friendliness, and cryptographic security make them versatile identifiers that fit naturally into modern application architectures.

Database primary keys: Replacing auto-increment integers with nanoids decouples ID generation from the database, enabling distributed systems to generate valid IDs without coordination. Short nanoids also reduce storage overhead and improve index readability compared to UUID strings.

URL shorteners and slug generation: A short nanoid (8–12 characters, alphanumeric alphabet) provides billions of possible slugs while staying compact enough to share comfortably. The URL-safe character set ensures no percent-encoding complications.

Session tokens and CSRF tokens: Security-critical tokens need high entropy and unpredictability. A 32-character default nanoid provides over 192 bits of entropy — well above the 128-bit minimum recommended for session identifiers.

File and asset naming: Uploaded files often need unique names to avoid collisions and prevent enumeration attacks. Nanoids provide both properties while keeping filenames short enough to display cleanly in admin UIs.

Correlation IDs and trace IDs: In microservice architectures, a short nanoid added to each request as a correlation ID allows logs from multiple services to be joined without the overhead of a full UUID.

One-time codes and invite links: Using a shorter nanoid (10–16 characters) with the alphanumeric alphabet generates invitation tokens and password reset links that are long enough to be secure but short enough to include in a printed email without line-wrapping issues.

Worked Examples

Default 21-Character Nanoid

Problem:

Generate a single nanoid using the default 64-character alphabet at the standard length of 21 characters.

Solution Steps:

  1. 1Set the ID length slider to 21 (the default position).
  2. 2Select 'Default (A-Za-z0-9_-)' from the Alphabet dropdown — this gives an alphabet of 64 characters.
  3. 3Set Number of IDs to 1 and click Generate Nanoids.
  4. 4The generator fills a Uint8Array of 21 random bytes. For each byte, it computes byte % 64 to get an index, then looks up that index in '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_-'.
  5. 5Example result: V1StGXR8_Z5jdHi6B-myT — 21 characters, URL-friendly, ~126 bits of entropy.

Result:

A 21-character nanoid with ~126 bits of entropy. The collision probability at 1,000 IDs per second exceeds 1 billion years.

Short Hex ID for Internal Reference

Problem:

A system needs a compact 12-character hex identifier for internal log correlation where UUID format is not required.

Solution Steps:

  1. 1Set the ID length slider to 12.
  2. 2Select 'Hexadecimal (0-9a-f)' from the Alphabet dropdown — alphabet size = 16 characters.
  3. 3Set Number of IDs to 5 to generate a batch for testing.
  4. 4Click Generate Nanoids. For each of the 12 positions, the generator computes randomByte % 16 to select from '0123456789abcdef'.
  5. 5Total combinations = 16^12 = 281,474,976,710,656 (~2.8 × 10^14). Birthday paradox threshold at 1k/s ≈ √(2.8×10^14 / 2) / (1000 × 31536000) ≈ 9 years.

Result:

Five 12-character hex IDs such as '3f9a2c1b04e7'. Suitable for internal references where collision risk over a 9-year horizon at 1k/s is acceptable.

Human-Readable Invite Code

Problem:

An application needs 8-character invite codes using only uppercase letters and digits, suitable for users to type manually.

Solution Steps:

  1. 1Select 'Custom Alphabet' from the Alphabet dropdown.
  2. 2Enter '23456789ABCDEFGHJKLMNPQRSTUVWXYZ' in the Custom Alphabet field — 32 characters excluding ambiguous characters 0, 1, I, O.
  3. 3Set the ID length slider to 8.
  4. 4Click Generate Nanoids. Each position is filled by randomByte % 32, selecting from the 32-character custom alphabet.
  5. 5Total combinations = 32^8 = 1,099,511,627,776 (~1.1 × 10^12). At 1k/s, the collision horizon is approximately 18 years.

Result:

An 8-character invite code such as 'K7M3XRZP' — easy to type, no ambiguous characters, and collision-safe for a typical invite system lifespan.

Tips & Best Practices

  • Use the default 21-character length with the default alphabet for any general-purpose application ID — it exceeds UUID entropy in fewer characters.
  • For URLs, use the Alphanumeric or URL Safe alphabet to ensure IDs never need percent-encoding in path segments or query strings.
  • Generate multiple IDs at once using the Number of IDs input and click 'Copy All' to paste them directly into a migration script or seed file.
  • When building invite or activation codes that users must type manually, use a Custom Alphabet that removes visually ambiguous characters such as 0, O, 1, I, and l.
  • Check the Collision Stats panel whenever you reduce the length or switch to a smaller alphabet — the collision horizon drops exponentially with shorter IDs.
  • For security tokens (session IDs, CSRF tokens, password reset links), use at least 32 characters with the default or alphanumeric alphabet to get well over 128 bits of entropy.
  • Power-of-two alphabet sizes (16 for hex, 32, 64) eliminate modulo bias entirely, giving perfectly uniform character distribution across all positions.
  • Nanoids with the URL Safe alphabet can be used directly in HTML id attributes, JSON keys, and filenames without any sanitization step.

Frequently Asked Questions

Yes. The generator uses <code>crypto.getRandomValues()</code>, which is the Web Crypto API's cryptographically secure random number generator. This is the same source used by password managers and browser-side encryption libraries. All generation happens locally in your browser — no data is sent to any server.
The nanoid library's author chose 21 characters with a 64-character alphabet to achieve approximately 126 bits of entropy, which is slightly more than UUID v4's 122 bits. This makes the default nanoid both more compact than UUID (21 vs 36 characters) and marginally more secure, while remaining URL-friendly without any percent-encoding.
This figure estimates how long you would need to generate IDs at a rate of 1,000 per second before there is approximately a 1% probability that any two IDs generated so far are identical. It uses the Birthday Paradox approximation: threshold = √(totalCombinations / 2), then divided by the per-year generation rate. The longer this horizon, the safer your ID configuration for your expected usage volume.
Yes, and this is one of the most common use cases. Unlike sequential integers, nanoids generated client-side prevent enumeration attacks and allow distributed systems to create valid primary keys without a round-trip to the database. The main trade-off is slightly larger storage (21 bytes as a string vs 4–8 bytes for an integer) and potentially slower B-tree index performance for very large tables, which you can mitigate by keeping the length short and the alphabet compact.
Nanoid and UUID v4 both use cryptographically secure random bytes and offer similar entropy. Nanoid is shorter (21 vs 36 characters), URL-safe by default, has no fixed format requirement, and uses a customizable alphabet. UUID follows the RFC 4122 standard and is expected in a specific hyphenated hex format. Use nanoid when compactness and flexibility matter; use UUID when RFC compliance or third-party system interoperability requires the standard format.
Modulo bias occurs when the range of random values is not evenly divisible by the alphabet size, causing some characters to appear slightly more often than others. For example, if random bytes (0–255) are used with an alphabet of 100 characters, values 0–99 occur 3 times while values 100–199 occur 2 times per 256. This generator inherits the same approach used by the nanoid library, which uses the modulo operation directly. For power-of-two alphabet sizes (like hex at 16 or the default at 64) there is zero bias. For other sizes a small statistical skew exists; for most application identifiers this is negligible, but if you need strict uniformity consider a power-of-two alphabet size.
The generator supports up to 100 IDs per click, and you can use 'Copy All' to copy them as a newline-separated list. For larger volumes you would use the official nanoid library in your preferred language (available for Node.js, Python, Go, Rust, and others) to generate IDs programmatically. This tool is ideal for generating small batches for testing, seeding, or manual database operations.

Sources & References

Last updated: 2026-06-05

💡

Help us improve!

How would you rate the Nanoid Generator?

<>

Editorial Note

MyCalcBuddy Editorial Team

This page is maintained as an educational calculator reference.

Source

Formula Source: Standard Mathematical References

by Various

UpdatedLast reviewed: May 2026
CheckedFormula checks are based on standard references and internal QA review.