REW

How To Generate Random Id In C?

Published Aug 29, 2025 6 min read
On this page

Generating a truly random, unique ID in C is a complex task because the language itself does not have a built-in cryptographically secure random number generator (CSPRNG).

The most common approach uses the standard library's pseudo-random number generator (PRNG), but this is not suitable for applications requiring high security or guaranteed uniqueness. For more robust solutions, you must leverage operating system features or external libraries.

Here is a detailed guide covering different methods, from the simplest approach to more advanced, robust techniques.

Method 1: Using the standard library rand() and srand()

For non-critical applications like a simple game or a test program, the standard C library's stdlib.h functions rand() and srand() are a simple option. However, you must first "seed" the generator with a value that changes with each program run to avoid getting the same sequence of numbers. A common seed is the current time.

Code example

#include <stdio.h>
#include <stdlib.h>
#include <time.h>
// Function to generate a random ID within a specified range
int generate_random_id(int min, int max) {
    return (rand() % (max - min + 1)) + min;
}
int main() {
    // Seed the random number generator once at the beginning of the program
    srand((unsigned int)time(NULL));
    // Generate and print 5 random IDs
    printf("Generating 5 pseudo-random IDs:\n");
    for (int i = 0; i < 5; i++) {
        int id = generate_random_id(10000, 99999);
        printf("ID: %d\n", id);
    }
    return 0;
}

Use code with caution.

How it works

  • srand((unsigned int)time(NULL));: The srand() function seeds the PRNG. By using time(NULL), which returns the current time in seconds, the seed is different each second, generating a different sequence of pseudo-random numbers on each program run. It is critical to call srand() only once.
  • rand(): After seeding, each call to rand() returns a new pseudo-random integer in the range of 0 to RAND_MAX.
  • rand() % (max - min + 1)) + min;: This formula scales the random number to fit within the desired range.

Limitations of this method

  • Not truly random: The numbers are predictable if the seed is known.
  • Not unique over a short time span: If the program generates multiple IDs within the same second, time(NULL) will return the same value, leading to the same sequence of "random" IDs.
  • Low quality randomness: The rand() function is often based on simple algorithms, and the quality of its randomness is poor compared to more modern generators.

Method 2: Using the Unix-like /dev/urandom device

For Unix-like systems (Linux, macOS, BSD), a more robust source of randomness is available through special device files in the filesystem, specifically /dev/urandom. Reading from this file provides high-quality, cryptographically secure pseudo-random bytes.

Code example

#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <unistd.h>
// Function to generate a random long integer using /dev/urandom
unsigned long get_urandom_long() {
    int fd;
    unsigned long result;
    fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) {
        perror("Error opening /dev/urandom");
        exit(EXIT_FAILURE);
    }
    read(fd, &result, sizeof(result));
    close(fd);
    return result;
}
int main() {
    printf("Generating a cryptographically secure random ID:\n");
    unsigned long id = get_urandom_long();
    printf("ID: %lu\n", id);
    return 0;
}

Use code with caution.

How it works

  • open("/dev/urandom", O_RDONLY): This opens the /dev/urandom device file for reading.
  • read(fd, &result, sizeof(result)): This reads a specified number of bytes from the device file directly into a variable. The contents of /dev/urandom are a continuous stream of random bytes.
  • The get_urandom_long function can be used to generate a single random integer of any desired size. For a random string, you would read bytes into a character array.

Benefits of this method

  • Stronger randomness: /dev/urandom draws from a system-wide pool of entropy and is cryptographically secure.
  • Always available: It will not block, even if the system's entropy pool is low, by using a secure PRNG to generate additional bits.
  • No manual seeding: The operating system handles the seeding for you.

Method 3: Generating a UUID with libuuid

For a universally unique identifier (UUID), you can use the libuuid library on Linux, which provides a standard way to generate a 128-bit ID. This is the best method for creating IDs that are guaranteed to be unique across different systems and time.

Prerequisites

You must install the libuuid development package. On Debian/Ubuntu, use sudo apt-get install uuid-dev.

Code example

#include <stdio.h>
#include <uuid/uuid.h>
int main() {
    uuid_t binuuid;
    char uuid_str[37]; // 36 characters for UUID + 1 for null terminator
    // Generate a new UUID
    uuid_generate_random(binuuid);
    // Unparse the UUID to a string
    uuid_unparse_lower(binuuid, uuid_str);
    printf("Generated UUID: %s\n", uuid_str);
    return 0;
}

Use code with caution.

Compilation

You need to link against the uuid library by using the -luuid flag during compilation:gcc -o generate_uuid generate_uuid.c -luuid

How it works

  • uuid_t binuuid;: This declares a 16-byte array to hold the binary UUID.
  • uuid_generate_random(binuuid);: This function fills the binuuid with a cryptographically secure, random 128-bit UUID.
  • uuid_unparse_lower(binuuid, uuid_str);: This converts the binary UUID into its standard string representation (e.g., 550e8400-e29b-41d4-a716-446655440000) and saves it to a character array.

Benefits of this method

  • Guaranteed uniqueness: The statistical probability of a collision is so low as to be negligible for practical purposes.
  • Cryptographically secure: Uses a strong random source.
  • Standardized format: The resulting ID is in the standard UUID format.

Method 4: Combining elements for a unique but predictable ID

If your primary goal is to produce a unique ID within a single program instance, and not necessarily a truly "random" or universally unique one, you can combine a monotonically increasing counter with the process ID. This is simple, fast, and does not rely on external libraries.

Code example

#include <stdio.h>
#include <unistd.h>
// Global static counter, initialized to 0
static long long counter = 0;
// Function to generate a unique ID
long long generate_unique_id() {
    pid_t pid = getpid();
    return (long long)pid << 32 | counter++;
}
int main() {
    printf("Generating unique IDs within this process:\n");
    for (int i = 0; i < 5; i++) {
        long long id = generate_unique_id();
        printf("ID: %lld\n", id);
    }
    return 0;
}

Use code with caution.

How it works

  • getpid(): This function retrieves the process ID, which is unique for each running process.
  • counter++: A static counter ensures that each ID generated within the same process is unique.
  • (long long)pid << 32 | counter++: This combines the process ID and the counter into a single 64-bit number. The process ID occupies the higher-order bits, while the counter occupies the lower-order bits.

Benefits of this method

  • Guaranteed uniqueness per process: No chance of collision within a single program instance.
  • Fast: Uses no external resources or system calls for each ID generation.
  • Predictable: Useful for debugging, as the sequence is deterministic.

Limitations of this method

  • Not random: Predictable sequence.
  • Not universally unique: Different processes will produce IDs with overlapping number spaces.

Choosing the right method

The best way to generate a random ID depends on your application's requirements for uniqueness, security, and portability.

Method Best for... Uniqueness Randomness Portability Security
rand() and srand() Simple, non-critical scenarios like educational examples. Low (prone to collisions over time). Pseudo-random, predictable. High (standard C library). Low (not for security).
/dev/urandom Unix-like systems needing high-quality, secure randomness. High (very low collision risk). High (cryptographically secure). Low (Unix-like systems only). High.
libuuid Universal uniqueness, distributed systems. Extremely high (guaranteed across systems). High (cryptographically secure). Medium (requires a specific library). High.
Counter + PID Fast, unique-per-process IDs. High (within a single process). Non-random, predictable. High (standard C and POSIX). Low.
Enjoyed this article? Share it with a friend.