Does UUID v1 still leak the MAC address?

Per the RFC, yes — the node field is supposed to be the host's MAC address. In practice, modern libraries (including this one, since it runs in your browser) substitute a random 48-bit value for the node, so most real-world v1 UUIDs do not actually leak hardware identifiers.

Is UUID v4 always longer-lived than v1?

Both are 128-bit values and have the same lifespan as identifiers. The deeper question is collision probability: v4's 122 random bits give ~5.3 × 10^36 possibilities, while v1's collision behavior depends on clock resolution and node uniqueness. In all practical scenarios both are 'unique enough' to never collide.

UUID v1 vs UUID v4 — Time-Based vs Random

Side-by-side comparison

Property	UUID v1	UUID v4
Source bits	60 timestamp + 14 clock seq + 48 node	122 random
Reveals creation time	Yes (100ns precision)	No
Reveals node / hardware	Originally MAC; modern impls use random	No
Lexically sortable	No (use v6 for that)	No
Best fit	Legacy systems, CDR/event correlation	Public IDs, tokens, file names

Why v4 won the popularity contest

UUID v1 was the original RFC 4122 design and is still what PostgreSQL's legacy uuid_generate_v1() function produces. But three things made v4 dominant in modern code: (1) it requires no clock or hardware state, just a CSPRNG; (2) it leaks nothing about the generating machine; (3) random IDs are trivially deterministic to test against. RFC 9562 keeps v1 for backward compatibility but introduces v6 and v7 as the modern time-based choices.

Frequently asked questions

Neither — for new applications, the modern choice is v4 (random) for unguessable IDs and v7 (time-ordered, RFC 9562) for sortable database keys. v1 has been largely superseded by v6 and v7. Use v1 only when you must interoperate with an existing v1-based system.