Generate cryptographically secure random numbers, passwords, or strings.
Random numbers are not as random as they seem — and when that matters
Most software random number generators, including the one in your browser, are pseudorandom — they use a deterministic algorithm seeded by an unpredictable value (like the current timestamp in microseconds). For games, simulations, random picks, and dice rolls, this is perfectly adequate. For cryptographic purposes — generating passwords, secret keys, or security tokens — you need a cryptographically secure RNG that browsers access via the Web Crypto API, which this tool uses for password generation.
Password strength is almost entirely a function of length and character pool size. An 8-character password using only lowercase letters has 26^8 possible combinations — about 200 billion, which sounds like a lot until modern GPUs crack it in hours. A 16-character password from a 94-character pool (letters, numbers, symbols) has 94^16 combinations — more than 10^31, which is computationally infeasible to brute force. Every additional character multiplies the search space exponentially.
Frequently asked questions
How random is a random number generator on a website?
For non-security purposes, browser-based random number generation is <strong>effectively random for practical use</strong>. The numbers are not truly random in the physics sense, but the sequences are long enough and unpredictable enough that they pass all standard statistical randomness tests. The distinction only matters if you are generating cryptographic material — secret keys, passwords, or tokens — in which case the Web Crypto API (which this tool uses) provides genuinely cryptographically secure randomness.
What makes a strong password?
Length matters more than complexity. A <strong>16-character password is dramatically stronger than an 8-character one</strong>, even if the shorter one uses more special characters. The math: every added character multiplies the brute-force search space by the pool size. Use at least 16 characters for any password protecting a real account. Use a password manager — the bottleneck is not generating strong passwords, it is storing them so you do not reuse the same one across sites.
Is a random name or item pick from a list fair?
Yes, for practical purposes — each item in the list gets an equal probability of selection. The fairness assumption breaks down only if your list has <strong>duplicate entries</strong>, in which case duplicates get proportionally higher odds. If you are running a raffle or contest with any material stakes, consider a verifiable public randomness source like the NIST Randomness Beacon or a transparent lottery draw, since browser-based picks cannot be independently audited after the fact.
What is the difference between a random number and a dice roll?
Mechanically, a dice roll is just a random integer within a fixed range — a d6 is a random number from 1 to 6, a d20 from 1 to 20. The difference is that <strong>physical dice have known failure modes</strong>: imperfect manufacturing, worn faces, and surface texture all slightly bias results over thousands of rolls. Software dice rolls are mathematically unbiased within their range. For tabletop gaming, the practical difference is irrelevant. For statistical simulations, software dice are more reliable.