If you're generating passwords, tokens, or encryption keys using Math.random() in JavaScript — stop. It's not truly random, and it's not safe for security-sensitive use cases.
PRNG vs CSPRNG
Pseudorandom Number Generators (PRNG) — functions like Math.random() use a mathematical algorithm seeded from an initial value. They are fast but not suitable for cryptography.
Cryptographically Secure PRNGs (CSPRNG) — use hardware entropy sources that are practically impossible to predict. Examples: crypto.getRandomValues() in JavaScript, the secrets module in Python 3, and /dev/urandom on Linux.
When You Need Cryptographic Randomness
- Generating passwords — predictable values can be brute-forced faster
- Creating API keys or tokens — must not be guessable
- Lottery or giveaway picks — fairness depends on unpredictability
- Encryption key generation — entirely depends on entropy quality
When Regular Randomness Is Fine
- Shuffling a playlist or selecting random UI animations
- Simulation, game AI, and statistical sampling
Use the Free Generator
Use the Anonymiz Random Number Generator for secure random numbers without writing code. Supports custom ranges, dice rolling (d4 through d20), lottery sets, coin flips, and cryptographically secure output.