A universally unique identifier format (RFC 4122) with ~5.32 × 10³⁶ possible values, generated from random numbers.

Content & Writing Tools

Random String Generator

Generate random strings, passwords, API keys, tokens, PINs, hex codes, and UUIDs. Configurable length, character sets, and quantity. Cryptographically secure - powered by crypto.getRandomValues().

Configuration

String Length

Min: 1 - Max: 1000

How Many Strings

Min: 1 — Max: 100

Character Sets

Uppercase (A-Z) 26 chars Lowercase (a-z) 26 chars Numbers (0-9) 10 chars Symbols (!@#$%^&*) 30 chars Custom

Options

Exclude ambiguous (0, O, l, 1, I)

No repeating characters

Each string must be unique

Quick Presets

UUID v4 format — length and character set controls are disabled

🎲

Configure your settings above and click Generate to create random strings.

Quick Presets

100%

Free & Private

128+

Bits Entropy

Data Stored

— How It Works —

Generate in 3 Steps

Configure your settings, click Generate, and copy the output - all in your browser with cryptographic security.

Configure Settings

Set the string length, quantity, and character sets. Or use a quick preset for passwords, API keys, tokens, PINs, hex, or UUIDs.

Click Generate

The tool uses crypto.getRandomValues() to produce cryptographically secure random strings. See the strength meter update in real-time.

Copy & Use

Copy individual strings or all at once. Use them for passwords, tokens, test data, unique identifiers, or any purpose that needs randomness.

✦ Try It Now - It's Free

Random String Generator - Free & Secure Online Tool

This random string generator creates cryptographically secure random strings using CSPRNG via the Web Crypto API. Unlike tools that rely on Math.random(), this generator uses crypto.getRandomValues() for true unpredictability - making the output suitable for passwords, API keys, authentication tokens, and security-critical applications.

Everything runs in your browser. No data is sent to any server. No account required. Configure your character sets, length, quantity, and toggle advanced options like ambiguous character exclusion and no-repeat constraints.

Key Features

Cryptographic Security

Uses crypto.getRandomValues() - the same API browsers use for TLS. Each character is selected with uniform probability across the charset.

Entropy Strength Meter

See real-time entropy calculation in bits. The strength bar shows Very Weak through Very Strong with combination count in scientific notation.

6 Quick Presets

One-click configurations for Password (20 chars, all sets), API Key (32 chars), Token (64 chars), PIN (6 digits), Hex (32 chars), and UUID v4.

Batch Generation

Generate up to 100 strings at once. Enable "Each string must be unique" to guarantee no duplicates in the batch.

Ambiguous Exclusion

Toggle to remove easily confused characters (0, O, o, l, I, 1) from the charset. Essential for generating readable codes and tokens.

Custom Character Sets

Combine predefined sets (uppercase, lowercase, numbers, symbols) with custom characters. The tool deduplicates automatically.

This Tool vs. Other Generators

Feature	Basic Generators	This Tool
Randomness source	Math.random() (predictable)	✓ crypto.getRandomValues() (CSPRNG)
Strength meter	Rarely	✓ Entropy bits + visual bar + combinations
Quick presets	Sometimes 1-2	✓ 6 presets including UUID v4
Ambiguous exclusion	Sometimes	✓ Toggle removes 0, O, o, l, I, 1
No-repeat constraint	Rarely	✓ Each character appears once max
Batch uniqueness	Rarely	✓ Deduplication with max-attempts safety
Custom charset	Sometimes	✓ Combinable with all presets
Privacy	Varies (server-side)	✓ 100% browser-based, zero data sent

Understanding Entropy

Entropy measures how unpredictable a string is. It's calculated as log₂(charsetSize) × length in bits. A 16-character alphanumeric string (62 chars) has about 95 bits of entropy - far above the 80-bit minimum recommended for security-critical applications.

The strength meter uses five levels: Very Weak (below 28 bits), Weak (28-35), Fair (36-59), Strong (60-127), and Very Strong (128+ bits). For passwords, aim for at least 60 bits. For API keys and tokens, 128+ bits is ideal.

Common Use Cases

🔐

Passwords

Generate strong, unique passwords with all character types and ambiguous exclusion for readability.

🔑

API Keys & Tokens

Create 32 or 64 character alphanumeric keys for authentication systems, webhook secrets, and service accounts.

🆔

Unique Identifiers

Generate UUIDs, hex IDs, or custom-format identifiers for databases, file names, and distributed systems.

🧪

Test Data

Batch-generate random strings for QA testing, form filling, load testing, and mock data population.

Ready to Generate?

Configure settings, pick a preset, or just click Generate for instant cryptographic randomness.

Generate Strings →

Quick Info

Randomness: crypto.getRandomValues()
Presets: 6 one-click configs
Length: 1 to 1,000 chars
Batch: Up to 100 strings
Charsets: 5 combinable sets
Privacy: 100% browser-based

On This Page

— FAQ —

FAQs – Random String Generator

Is this generator cryptographically secure?+

Yes. The tool uses crypto.getRandomValues() - the Web Crypto API that browsers use for TLS encryption. This produces cryptographically secure pseudorandom numbers, unlike Math.random() which is predictable. A fallback to msCrypto is provided for older IE browsers, with Math.random() as a last resort only.

What character sets are available?+

Five combinable sets: Uppercase (A-Z, 26 chars), Lowercase (a-z, 26 chars), Numbers (0-9, 10 chars), Symbols (!@#$%^&* and more, 30 chars), and Custom (any characters you enter). You can combine any or all of these together.

What do the quick presets configure?+

Password: 20 chars, all sets, excludes ambiguous. API Key: 32 chars, alphanumeric, excludes ambiguous. Token: 64 chars, lowercase + numbers. PIN: 6 digits only. Hex: 32 chars of 0-9a-f. UUID: generates a proper UUID v4 format string.

What does "Exclude ambiguous characters" do?+

It removes characters that look similar in many fonts: 0 (zero) and O (oh), l (el) and 1 (one), and I (capital i). This makes strings easier to read, transcribe, and communicate verbally.

How does "No repeating characters" work?+

When enabled, each character in a single string can only appear once. If the requested length exceeds the charset size, the length is automatically capped with a warning. For example, numbers only (10 chars) can produce a maximum of 10 characters without repeats.

What does the strength meter show?+

The strength meter calculates entropy in bits using log₂(charsetSize) × length. It shows five levels: Very Weak (below 28 bits), Weak (28-35), Fair (36-59), Strong (60-127), and Very Strong (128+). It also displays the total number of possible combinations.

How many strings can I generate at once?+

Up to 100 strings in a single batch. You can enable "Each string must be unique" to ensure no duplicates. If the combination space is too small for the requested count, a warning explains how many unique strings could be generated.

Is my data sent to any server?+

No. All generation happens entirely in your browser using JavaScript. Nothing is stored, logged, or transmitted. The tool works offline once the page is loaded.

What is UUID v4?+

UUID v4 is a universally unique identifier format defined in RFC 4122. It has the format xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx where x is a random hex digit and y is 8, 9, a, or b. Version 4 UUIDs are generated from random numbers and have approximately 5.32 × 10³⁶ possible values.

Does it work on mobile?+

Yes. The layout is fully responsive - the configuration panel and output cards adapt to mobile screens. The slider, stepper, and all controls work on touch devices.

Start Generating Random Strings

Cryptographically secure. 6 presets. Batch generation. Entropy meter. Free, private, browser-based.

🎲 Generate Strings - It's Free