Skip to main content
lab.golamrabbani.org

Random String Generator

Generate cryptographically random strings with full control over alphabet and length.

Written by Golam Rabbani, Founder & Lead Engineer

How to use this random string generator

  1. Set the desired string length in the "Length (1–256)" field.
  2. Enter how many strings you need in the "Count (1–50)" field.
  3. Choose a character set from the Alphabet dropdown: Alphanumeric, Lowercase, Uppercase, Digits, Hex, Base64-safe, or Custom alphabet.
  4. If you selected Custom alphabet, type the characters you want to include in the field that appears.
  5. Click Generate to produce the strings, then click Copy to copy all results to your clipboard.

About this random string generator

The random string generator produces one or more cryptographically random strings of configurable length and character set, suitable for unique IDs, API tokens, session keys, and synthetic test data.

The tool picks from six built-in presets — Alphanumeric (A–Z a–z 0–9, 62 characters), Lowercase (a–z), Uppercase (A–Z), Digits (0–9), Hex (0–9 a–f, 16 characters), and Base64-safe (A–Z a–z 0–9 - _, 64 characters) — plus a Custom option where you supply your own alphabet. Generation calls crypto.getRandomValues with rejection sampling: the largest multiple of the alphabet size that fits in a 32-bit integer is computed, and any drawn value at or above that limit is discarded and redrawn. This eliminates modulo bias, ensuring every character in the alphabet has an exactly equal probability of appearing at each position.

As a worked example, requesting one 32-character Hex string draws from a 16-character alphabet (0–9 a–f). Each character position independently selects one of 16 equally likely glyphs, producing output like "3f9a1c7e0b842d56af3e71c09d5b28e4". To generate three alphanumeric tokens of length 16, set Length to 16 and Count to 3; the tool returns three independent strings, each drawn uniformly from the 62-character alphanumeric alphabet.

This tool is useful for developers, QA engineers, and data analysts who need reproducible-in-format but unpredictable-in-value strings without a server-side script.

FAQ

What character sets does the random string generator support?
The tool offers six presets: Alphanumeric (A–Z a–z 0–9), Lowercase (a–z), Uppercase (A–Z), Digits (0–9), Hex (0–9 a–f), and Base64-safe (A–Z a–z 0–9 - _). A Custom alphabet option lets you supply any characters you need, with duplicates automatically removed.
How does the tool avoid modulo bias?
It uses rejection sampling. The tool calculates the largest multiple of the alphabet size that fits in a 32-bit integer and discards any drawn value at or above that cutoff. This guarantees every character has an equal probability of selection, with no bias toward the first characters in the alphabet.
Is the output cryptographically random?
Yes. All randomness comes from crypto.getRandomValues, which draws from the operating system's secure entropy pool. The output is suitable for tokens and IDs where predictability would be a security risk. It is not intended to replace a dedicated secrets management library for production key material.
What happens if I enter fewer than 2 unique characters in a custom alphabet?
The tool shows an error: "Custom alphabet must contain at least 2 unique characters." Duplicate characters you enter are silently collapsed before the check, so entering "aaaa" counts as one unique character and will trigger the error.
Does this tool store or transmit the strings it generates?
No. The random string generator runs entirely in your browser. Nothing is sent to a server or stored anywhere. Closing or refreshing the tab clears all generated output.
Is the random string generator free?
Yes. It is free to use with no signup, no account, and no usage limit.