You may have heard that "UUIDv2 is bad". Maybe you've never even heard of them and thought UUIDs went from v1 to v3. Why is that? What did UUIDv2 do wrong?

Playful Programming

UUIDv2 is largely absent from modern software due to two critical flaws. First, it lacks a formal definition in RFC 4122 (the 2005 IETF UUID spec), with only a one-line description referencing DCE Security. Its actual specification lives in the older 1997 DCE 1.1 standard. Second, and more critically, UUIDv2 suffers from severe collision risk: it encodes timestamps at only 7-minute granularity (vs. 100-nanosecond in UUIDv1) and reduces the clock sequence from 14 bits (16,384 values) to 6 bits (64 values). This means only 64 unique IDs can be generated per 7-minute window before collisions occur. UUIDv2 was designed to embed POSIX UIDs and GIDs into unique identifiers for Unix-like systems, but its structural trade-offs make it impractical for general use.

What Happened to UUIDv2?