A Nano-ID is a short, URL-friendly identifier — typically 21 characters from the A–Z a–z 0–9 _ - alphabet (the URL-unreserved set from RFC 3986). With 64 possible characters per position, 21 characters yield roughly 126 bits of entropy — comparable to a UUID v4 (122 bits) but 15 characters shorter and without dashes. That makes them ideal as URL slugs, database primary keys, or API tokens where compact, URL-safe IDs are needed.

How safe are short IDs against collisions?

Safety depends on length × alphabet × number of drawn IDs. With 21 characters from the 64-char URL-safe alphabet you get a search space of 64^21 ≈ 4 × 10^37 — even at 1 billion drawn IDs the collision probability is around 10^-19. Practically impossible. For 8 characters from the same alphabet (64^8 ≈ 2.8 × 10^14) and 1 million drawn IDs the probability climbs to about 0.2 % — still acceptable for URL slugs but not for session tokens. The built-in calculator shows the exact value for your choice via the [Birthday Paradox](https://en.wikipedia.org/wiki/Birthday_problem).

What is the difference between Nano-ID and UUID?

Nano-ID and [UUID](https://en.wikipedia.org/wiki/Universally_unique_identifier) are both statistically unique identifiers without central allocation. UUID v4 is 128 bits, formatted as 36 characters with four dashes (`550e8400-e29b-41d4-a716-446655440000`) — fixed by RFC 9562. Nano-ID is flexible: typically 21 characters for 126 bits of entropy, but configurable in length and alphabet. Nano-ID advantages: shorter (no dashes), URL-safe without encoding, free in size (8 for URL slugs, 32 for API keys). UUID advantage: standardized, parseable identically across all databases and languages.

Why exclude 0/O or 1/l in 'no lookalikes' mode?

For printed codes (coupons on receipts, OCR lookup codes, paper support tickets) the characters 0/O (zero vs. capital O) and 1/l/I (one vs. lowercase L vs. uppercase i) are the classic source of reading errors. The 'no lookalikes' mode removes these six characters from the alphanumeric set — 56 characters remain, still enough for 8–16-character codes. The read-aloud badge tells you instantly whether your chosen alphabet is 'speakable' — important for phone support, voice assistants, and confirmation codes.

Are my generated IDs uploaded or stored anywhere?

No. Every ID is generated entirely inside your browser via `crypto.getRandomValues()` — the W3C-standardized cryptographic random source. No server call, no logging endpoint, no telemetry. Generated IDs never leave your browser tab; the CSV file is built locally as a Blob and saved via the browser’s native download mechanism. No cookies, no localStorage persistence for results — once you close the tab the IDs are gone, unless you copied or exported them.

What length should I pick for which use case?

Eight characters work for internal URL slugs in moderate-volume apps (e.g. Pastebin clones, small link shorteners) — search space 2.8 × 10^14. Twelve characters are standard for mid-sized apps like bug trackers or asset IDs. Sixteen characters are robust for multi-tenant systems. Twenty-one characters is the Nano-ID default and the right choice for 99 % of use cases — it matches a UUID in entropy. Thirty-two characters for API keys or long-lived tokens where extra safety margin is desired. The calculator shows the exact collision probability for each choice at your expected volume.

Can I enter a custom alphabet?

Yes — pick 'Custom alphabet' and type your set. The tool validates live: minimum 2 ASCII characters, duplicates are ignored, non-ASCII characters (umlauts, emojis) are dropped. Warnings appear for lookalike characters (0/O/o/1/l/I) and non-URL-safe characters (`! @ # *` etc.) — but they do not block, in case you genuinely need e.g. a phonetic set without the lookalike filter. The resulting alphabet appears normalized (deduplicated, first-seen order) — so you see exactly what will be used.

How does bulk generation work?

Pick 1, 10, 100, 1 000, or 10 000 in the count selector — anything up to 10 000 is generated in one pass. Every ID uses the same configuration (length, alphabet). Output appears as a line-separated list in the result box, copyable as plain text or via 'Download CSV' as a `.csv` file with quoted values. At 10 000 IDs from the 64-char alphabet at length 21, the file is around 250 KB — all processing runs pure-client, the CSV is created via `URL.createObjectURL` as a Blob and saved through the native browser download dialog.

Nano-ID Generator — short URL-friendly IDs in your browser

What is a Nano-ID?

A Nano-ID is a compact, URL-friendly identifier — the shorter alternative to the classic UUID. Default is 21 characters from the URL-safe alphabet A–Z a–z 0–9 _ - (the URL-unreserved character set per RFC 3986). With 64 possible characters per position, 21 characters yield around 126 bits of entropy — comparable to UUID v4 (122 bits) but 15 characters shorter and without dashes.

Three properties distinguish this tool from the competitors reviewed in research:

Inline collision calculator: while you pick length and alphabet, the built-in accordion shows live, via the Birthday Paradox, how likely a collision becomes at 1 000 / 100 000 / 1 M / 1 B / 1 T drawn IDs. Competing tools ship either a pure generator (no math) or a pure calculator (no generator) — we combine both.
Use-case recipes: five 1-click presets for URL slug, API key, coupon code, session ID, and file suffix. Each recipe pins length AND alphabet to the canonical choice for that use case — no more “what length do I need?” paralysis.
No-lookalike mode + read-aloud badge: the special alphabet without 0/O/o/1/l/I suits printed or spoken codes (coupons, OCR receipts, support tickets). A badge confirms ‘read-aloud friendliness’ instantly.

The UI follows Refined Minimalism: crypto badge at the top, five use-case recipes as cards, length and count side-by-side, alphabet dropdown, large ‘Generate’ button, output in monospace, collision accordion. No tracking, no account, no server.

How does the cryptographic random source work?

The tool uses crypto.getRandomValues() — the W3C Web Crypto API shipped in every modern browser since 2014. It returns unpredictable bytes from the operating system entropy pool: Linux uses /dev/urandom, macOS uses a similar random service, Windows uses its system crypto API. These sources are continuously fed from hardware events (keystroke timing, mouse movement, network jitter, disk latency).

From the 32-bit raw value, rejection sampling maps to an index into the chosen alphabet — without the modulo bias that byte % alphabetSize introduces for alphabet sizes that aren’t powers of two. This is the same algorithm the original Nano-ID library uses: mask with the smallest 2^k − 1 ≥ alphabetSize − 1, reject values ≥ alphabetSize, draw a new byte.

The browser-crypto badge at the top shows the active source. ‘Browser-crypto · cryptographic quality’ when crypto.getRandomValues() is available, ‘Pseudo-random · math-based’ in the rare fallback (very old browsers, exotic embedded WebViews). The RNG quality stays visible — competitor tools don’t do this.

How does the collision calculator compute probability?

The calculator uses the closed-form Birthday Paradox approximation:

P(collision) ≈ 1 − exp( −n·(n−1) / (2 · S) )

with n = number of drawn IDs and S = alphabet size raised to length. The computation runs in log-space, so even n = 10^12 doesn’t overflow.

A few orders of magnitude for intuition:

Length	Alphabet	Drawn IDs	Collision probability
8	64 (URL-safe)	1 M	≈ 0.18 %
8	36 (lowercase alphanum)	1 M	≈ 18 %
8	56 (no lookalikes)	1 M	≈ 0.55 %
12	64 (URL-safe)	1 B	≈ 7 × 10^-6
16	64 (URL-safe)	1 T	≈ 5 × 10^-9
21	64 (URL-safe)	1 T	≈ 3 × 10^-15
32	64 (URL-safe)	1 T	< 10^-37

Rule of thumb: at short lengths (≤12 characters) you MUST know your volume; at 21 characters a collision is practically impossible even at 1 trillion drawn IDs. The calculator shows five qualitative tiers — ‘Practically impossible’, ‘Very rare’, ‘Rare’, ‘Possible’, ‘Likely’ — with a color-coded badge so you can tell at a glance whether your choice holds up.

Which use-case recipes are included?

Five presets cover the most common scenarios — each one pins both length AND alphabet on a single click:

URL slug (8 characters, URL-safe). Ideal as a short identifier inside URLs, hand-readable and encoding-free. Example: example.com/p/aB3xK_7q. Search space 64^8 ≈ 2.8 × 10^14 — plenty for any link shortener and for Pastebin-style apps up to about 100 million entries. For high-volume URLs (>1 B) prefer 10–12 characters.

API key (32 characters, alphanumeric, no symbols). Without _ and - for maximum compatibility with token headers and tools that occasionally interpret symbols as separators. Search space 62^32 ≈ 2.3 × 10^57 — collision-mathematically untouchable at any realistic volume.

Coupon code (8 characters, no lookalikes). Designed for printed codes on receipts or postal mailers. Removes 0/O/o/1/l/I — 56 characters remain, search space 56^8 ≈ 9.7 × 10^13. Up to 1 million codes the collision probability stays around 0.55 %, which is uncritical for coupon runs (duplicates are caught at the POS).

Session ID (21 characters, URL-safe). The Nano-ID standard default — the safest one-size-fits-all value. Search space 64^21 ≈ 4 × 10^37, equivalent in entropy to a UUID. Safe for web sessions, persistent user IDs, and cookie values. Also a clean drop-in replacement for UUID v4 when URL length matters.

File suffix (6 characters, lowercase + digits). For temporary filenames like report-x7k2qm.pdf or upload hashes. Lowercase matches most filesystem conventions (Windows is case-insensitive, Linux case-sensitive — lowercase avoids both traps). Search space 36^6 ≈ 2.2 × 10^9 — safe up to 10 000 parallel uploads per user.

What does the tool deliberately not do?

Three things the tool stays out of on purpose:

No UUID generation: that lives in the separate UUID generator — clean separation prevents UI bloat. If you need UUID v4 or v7, the sibling tool is the right place.
No sequential IDs (ULID, KSUID, Snowflake): those are time-based identifiers with different properties (lexicographic sort order, embedded timestamp). If demand surfaces, they’ll get a dedicated sibling tool — until then a deliberate gap.
No streaming for >10 000 IDs: anything bigger would block the main thread. 10 000 is the sweet spot between ‘useful for CSV import generation’ and ‘stays responsive in the UI’. For genuine high-volume needs, use a server-side library.

Statistically, crypto.getRandomValues() is auditably uniformly distributed for all standard use cases. Browser vendors test the implementation against the NIST SP 800-22 test suite — 16 statistical hypothesis tests that every modern JavaScript engine passes.

For applications that demand true physical randomness — cryptographic key generation for high-security systems, scientific studies with double-blind randomization — a hardware RNG is the reference. Browser crypto covers 99 % of realistic ID use cases, but it is explicitly not a hardware random source.

Nano-ID Generator — short, URL-friendly, cryptographic

How It Works

Paste text or code

Instant processing

Copy result

Privacy

How do you use this tool?

What is a Nano-ID?

How does the cryptographic random source work?

How does the collision calculator compute probability?

Which use-case recipes are included?

What does the tool deliberately not do?