Random strings for tokens and fixtures — not your vault
Set length; choose alphabet (alnum / hex / custom); generate. Uses `crypto.getRandomValues`.
chars: 2
When to use
Test tokens, invite codes, non-crypto-critical IDs with a chosen alphabet/length.
Examples
How it works
Maps CSPRNG bytes onto the charset (avoids naive modulo bias when implemented correctly).
Common pitfalls
- Alphabet size and length drive strength — short numeric codes are weak.
- Not a password manager substitute.
- Avoid biased mapping from bad modulo code (we document the method).
How this differs
Opaque strings vs UUID’s structured IDs. Hashes need input; this needs only options.
FAQ
Is this a password generator?
You can use it, but we don’t store, audit strength meters, or replace a password manager.
Bias in character picking?
Use rejection sampling / large-bit method.
Related?
UUID for standard 128-bit IDs.
Uploaded?
No.
Related tools
Runs in your browser. Nothing is uploaded. Not a security product —hashes and JWT decode are for debugging, not password storage or auth advice.