Random String Generator
Generate cryptographically secure random strings in multiple formats.
Cryptographically secure random string generation
Random strings are needed everywhere in software development: API keys, session tokens, CSRF tokens, random filenames, test data, nonces, and more. The quality of the randomness matters: strings generated with Math.random() are not suitable for security-critical uses because they are predictable.
This generator uses crypto.getRandomValues() for all formats, ensuring each string is unpredictable and suitable for security applications. Choose from hex, Base64, URL-safe Base64, or a plain string with a fully configurable character set.
Step-by-step guide
- 1Set the string length
Use the slider to choose from 1 to 256 characters. - 2Select a format
Choose Plain (customisable character set), Hex, Base64, or URL-safe Base64. - 3Customise characters (Plain mode)
Toggle uppercase, lowercase, numbers, and symbols on or off. Or enter a custom character set to use only specific characters. - 4Set the count
Enter how many strings you want to generate (up to 20 at once). - 5Generate and copy
Click Generate to produce your strings. Click the copy icon next to any string, or use Copy All to copy all strings as a newline-separated list.
Related Tools
Password Generator
Generate cryptographically secure passwords with customizable rules.
UUID / GUID Generator
Generate v1, v3, v4, or v5 UUIDs in bulk with multiple format options.
QR Code Creator
Create QR codes for URLs, plain text, or WiFi credentials with live preview.
Lorem Ipsum Generator
Generate classic lorem ipsum placeholder text by words, sentences, or paragraphs.
Frequently Asked Questions
- Are the strings cryptographically random?
- Yes. All strings are generated using crypto.getRandomValues(), the browser's CSPRNG. This is suitable for API keys, tokens, nonces, and other security-sensitive use cases.
- What is the difference between hex and alphanumeric formats?
- Hex uses only characters 0-9 and a-f, producing a longer string for the same number of bytes. Alphanumeric uses 62 characters (A-Z, a-z, 0-9), which is more compact. For a given entropy target, alphanumeric strings are shorter than hex strings.
- What is URL-safe Base64?
- URL-safe Base64 replaces + with - and / with _, and omits padding =. This makes the string safe to include in URLs, HTTP headers, and query parameters without percent-encoding.
- Can I generate strings with only specific characters?
- Yes. In Plain mode, enter any characters you want in the Custom characters field. The generator will use only those characters, ignoring the checkbox options. This is useful for generating strings that must match a specific format.
- How long should a random string be for use as an API key?
- For API keys, 32 characters of hex (128 bits of entropy) is a common minimum. 64 hex characters (256 bits) provides a large security margin. If using alphanumeric, 22 characters provides ~128 bits of entropy.
- Can I use this to generate passwords?
- Yes. Use Plain mode with uppercase, lowercase, numbers, and symbols enabled. Set the length to at least 16 characters. The output will be a random, high-entropy password.
- What is the maximum number of strings I can generate at once?
- Up to 20 strings per generation. Each string is independently random.
- Does the tool store or log generated strings?
- No. Everything runs in your browser. Generated strings are displayed in the page and are never sent to any server.
AlteredIdea vs alternatives
vs server-side tools: Everything runs in your browser: your data never leaves your device.
vs command-line tools: No setup needed. Works instantly in any browser.
vs paid tools: Completely free, no account required.