Generate cryptographically random strings with a fully customizable charset, length, count and output format — all client-side via crypto.getRandomValues.
This tool uses crypto.getRandomValues() — the browser's CSPRNG (Cryptographically Secure Pseudo-Random Number Generator). Unlike Math.random(), it is suitable for generating secrets, tokens, API keys and passwords where predictability would be a security risk.
Entropy in bits = length × log₂(charset size). A 32-char string from a 62-char charset (a-zA-Z0-9) has ~190 bits of entropy — far beyond brute-force range. For passwords, 128+ bits is generally considered secure. Adding special characters dramatically increases entropy per character.
To avoid modulo bias (which skews distribution toward lower characters), this generator uses rejection sampling: it discards any random byte that falls outside the largest multiple of the charset size that fits in a byte, ensuring perfectly uniform character distribution across all charset positions.
The UUID v4 preset generates RFC 4122-compliant UUIDs: 128 random bits with specific version (4) and variant (10xx) bits set, formatted as xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx. UUIDs are commonly used as database primary keys, session identifiers and distributed system IDs.