The History of UUIDs: From Apollo to RFC 9562
UUIDs have a surprisingly rich history spanning over 40 years — from the earliest distributed computing systems to their role as the backbone of modern web applications. Here is the complete story.
The Apollo Era (1980s)
The origin of UUIDs traces back to the Apollo Computer company in the 1980s. Apollo's Network Computing System (NCS) introduced a unique identifier format that combined a timestamp, a per-host clock sequence, and a hardware MAC address. This was the first practical implementation of a globally unique identifier generation scheme in a distributed computing environment.
Apollo's NCS identifiers used 64 bits — smaller than modern UUIDs — but established the core concepts of time-based generation with node identification that would later evolve into UUID v1.
OSF DCE and the Birth of UUID v1 (1990s)
When the Open Software Foundation (OSF) developed the Distributed Computing Environment (DCE) in the early 1990s, they expanded Apollo's concept to 128 bits and standardized it as the Universal Unique Identifier (UUID). This became what we now know as UUID v1:
- 60 bits — timestamp (100-nanosecond intervals since October 15, 1582)
- 14 bits — clock sequence (handles clock rollbacks)
- 48 bits — node identifier (typically a MAC address)
- 6 bits — version and variant markers (4 bits version, 2 bits variant)
Microsoft GUID (1995)
Microsoft adopted the same 128-bit identifier format for COM (Component Object Model) and OLE (Object Linking and Embedding), where it was named Globally Unique Identifier (GUID). GUIDs became deeply embedded in the Windows ecosystem — every COM class, interface, and type library received a GUID. The term GUID is still widely used today, though it is technically identical to a UUID.
Microsoft's GUID generator also used the v1 algorithm (timestamp + MAC address), which later led to the well-known privacy concerns about v1 UUIDs leaking network card addresses.
RFC 4122 (2005)
In July 2005, the IETF published RFC 4122, titled "A Universally Unique IDentifier (UUID) URN Namespace". This was the first formal IETF standard for UUIDs and defined:
| Version | Method | Status |
|---|---|---|
| v1 | Time + MAC address | Original DCE design |
| v2 | DCE Security (local domain) | Rarely used, underspecified |
| v3 | MD5 hash of namespace + name | Deterministic (deprecated: MD5) |
| v4 | Random (122 bits) | Most widely used |
| v5 | SHA-1 hash of namespace + name | Replaces v3 for new uses |
RFC 9562 (2024): The Modern UUID
In May 2024, the IETF published RFC 9562, which made major updates and additions to the UUID specification. This was a long-awaited update driven by the needs of modern distributed systems:
- UUID v6 — Time-ordered v1 fields, compatible with the v1 layout for legacy systems
- UUID v7 — Unix timestamp (ms) + random, fully sortable and B-tree friendly — the recommended default for new systems
- UUID v8 — Free-form vendor/application-specific UUIDs, for experimental and custom use cases
- UUID v4 updated — Clarified CSPRNG requirements, 122 random bits
- Proper UUID v7 monotonicity — Counter or random increment within the same millisecond
The Gregorian Calendar Epoch: Why October 15, 1582?
UUID v1 and v6 use a timestamp based on 100-nanosecond intervals since October 15, 1582. This date was chosen because it marks the first day of the Gregorian calendar — the day after October 4, 1582 in the Julian calendar was October 15, 1582 in the new Gregorian calendar. Using this epoch ensures consistent timestamp calculations across both calendar systems.
Legacy and Future
UUIDs have gone from niche distributed computing identifiers to one of the most widely used identification schemes in software engineering. They underpin databases, APIs, microservices, event sourcing, and increasingly, decentralized systems. With RFC 9562 introducing sortable UUIDs, they are more relevant than ever for modern cloud-native architectures.