We use cookies to understand how DevToolsHub is used and to improve your experience. You can choose which types of cookies to allow.
Generate cryptographically random strings with custom charset and length.
Loading...
Loading...
A random string generator is a tool that creates strings of random characters using cryptographically secure randomness. Unlike pseudo-random number generators like Math.random(), which are not suitable for security-sensitive applications, this tool uses the Web Crypto API (crypto.getRandomValues), which provides cryptographically secure random numbers suitable for generating API keys, session tokens, passwords, and other security-critical identifiers.
The tool supports multiple character sets including alphanumeric (AβZ, aβz, 0β9), hexadecimal (0β9, aβf), numeric (0β9), alphabetic (AβZ, aβz), lowercase (aβz), uppercase (AβZ), Base64 (AβZ, aβz, 0β9, +, /), and fully custom charsets. You can generate a single string or up to 1,000 strings in bulk, with lengths ranging from 1 to 128 characters. Every string is generated using rejection sampling to ensure a uniform distribution over the chosen character set.
Each generated string has a calculable level of entropy β the measure of how unpredictable the string is. The entropy is determined by the formula entropy = length Γ logβ(charset_size). For example, a 32-character alphanumeric string (charset size 62) has approximately 190 bits of entropy, making it virtually impossible to brute-force. The tool displays the entropy in real time as you adjust the length and charset, so you always know exactly how strong your generated strings are.
This tool uses the Web Crypto API (crypto.getRandomValues) for all random number generation. This API is available in all modern browsers and Node.js environments, and it provides cryptographically secure random values suitable for security-sensitive operations. The random numbers are generated by the operating system's cryptographically secure pseudo-random number generator (CSPRNG), which draws from entropy sources like hardware noise, interrupt timings, and other unpredictable system events.
To ensure a uniform distribution over the chosen character set, the tool uses rejection sampling. This technique rejects random values that would introduce bias when mapping to the character set. Without rejection sampling, some characters in the charset would be slightly more likely than others, reducing the effective entropy. With rejection sampling, every character in the charset has exactly the same probability of being selected.
All generation happens entirely in your browser β no string is ever sent to a server, stored in a database, or transmitted over the network. This makes the tool safe to use even for generating API keys, access tokens, and other sensitive credentials. Once you close or refresh the page, all generated data is gone.
The tool also includes a built-in UUID v4 generator that creates RFC 4122-compliant UUIDs using the same cryptographic randomness source. UUIDs are widely used as unique identifiers in databases, distributed systems, and API responses. Additionally, the token generator produces URL-safe tokens using the Base64url encoding (AβZ, aβz, 0β9, -, _), which are safe to use in URLs, filenames, and query parameters.
Loading...