Is this safe for production?

Generated locally using the Web Crypto API which is cryptographically secure. Never share or log generated tokens.

What entropy is enough?

For API keys and secrets, aim for at least 128 bits of entropy. A 32-char hex token gives 128 bits; 64-char gives 256 bits.

What's the difference between hex and Base64 tokens?

Hex encodes each byte as 2 characters (0–9, a–f), giving 4 bits per character. Base64 uses 64 characters, giving 6 bits per character — so a Base64 token is ~33% shorter for the same entropy.

Should I store generated tokens in plain text?

No. Store a cryptographic hash (e.g. SHA-256) of the token in your database, just as you would a password. Compare the hash of the submitted token, not the raw value.

Random Token Generator

Generated locally — never transmitted

Generate cryptographically secure random tokens, API keys, secrets, and OTPs using the Web Crypto API. All generation is local.

Configuration

Format

Length (characters)

Count (1–100)

Runs entirely in your browser — nothing is uploaded

Runs in your browser

Next steps

Nano ID Generator

Recommended

Generate compact, URL-safe unique IDs. Configurable alphabet and size.

UUID Generator

Recommended

Generate v4 UUIDs instantly — copy one or bulk-generate thousands.

Hash Generator

Generate secure MD5, SHA-256, and SHA-512 hashes from any text.

Bcrypt Generator

Hash and verify passwords with bcrypt. Adjustable cost factor.

View all tools →

Runs entirely in your browser. No uploads. Your files stay private.

Cryptographically Secure Tokens

A random token is only as good as its source of randomness. JavaScript's Math.random uses an xorshift-class pseudo-random number generator that is fast and well-distributed but completely predictable from any captured output — using it for authentication tokens, API keys, password reset URLs, or session identifiers is a known vulnerability. This tool draws all bytes from window.crypto.getRandomValues, the Web Crypto API's CSPRNG, which browsers back with the operating system's secure random source (BCryptGenRandom on Windows, /dev/urandom on Linux, SecRandomCopyBytes on macOS).

Generation works by pulling a Uint8Array of random bytes, then mapping each byte onto your chosen alphabet using a power-of-two mask. Bytes whose value exceeds the alphabet length are rejected and resampled, which avoids the modulo bias that would otherwise make some characters slightly more likely than others. The end result is a uniformly random string at the entropy density of the chosen format.

Entropy is measured in bits and tells you how many guesses an attacker would need on average to find a matching token. A 32-character hex string has 128 bits of entropy (4 bits per nibble x 32) — comparable to a UUID v4 and beyond what current hardware can brute-force. A 64-character hex string is 256 bits, matching the strength of an AES-256 key. Base64-style alphabets pack 6 bits per character, so a 22-character Base64 token reaches roughly 128 bits of entropy in noticeably less space.

The four format choices map to the four common operational shapes. Hex is compact, copy-paste safe, and survives any encoding boundary — ideal for raw API keys, session secrets, and HMAC keys. Base64 URL-safe drops the +/= characters that need URL encoding and is best when you want short, dense tokens for query parameters or single-page-app session IDs. Alphanumeric is friendlier for human-readable references like invitation codes. Digits-only is the right choice for SMS OTPs and authenticator-style numeric verification flows.

Length matters. The minimum length to reach 128 bits of entropy depends on the alphabet: 32 hex characters, 22 Base64 characters, 22 alphanumeric characters, or 39 digits. For a 6-digit OTP code, the entropy is only about 20 bits — that is fine for a one-time code that expires in 60 seconds and tolerates only a handful of attempts before lockout, but it is far too weak for anything persistent.

Storage matters even more than entropy. Treat tokens like passwords: never log them, never store them in plain text, and compare hashes rather than raw values. For long-lived secrets, store SHA-256 of the token in the database and compare hash against hash. Rotate any token that may have leaked and invalidate it server-side immediately. The most common production incident is a token logged accidentally to an aggregator like Datadog or Sentry — guard against that at the logging layer, not by trying to remember.

All generation runs locally. The bytes never traverse the network, no analytics endpoint sees them, and closing the tab discards them. You can disconnect from the internet and the page will keep generating, since crypto.getRandomValues works offline.

Common Use Cases

API key issuance

Mint 32-64 hex characters for backend service keys, with the prefix telling clients it is a secret to keep.

Webhook signing secrets

Generate the shared secret used to sign outbound webhook bodies with HMAC-SHA-256.

Password reset tokens

Create a single-use token that you store hashed and email to the user as a reset link parameter.

Email verification links

Mint a token attached to a signup record so the user proves they own the email address.

Frequently Asked Questions

Yes — the source is crypto.getRandomValues, which the Web Crypto specification requires to be a CSPRNG. Where you go wrong is afterward: never paste a real production token into chat, screenshot it, or commit it to source control.

For long-lived secrets, 128 bits is the modern floor and 256 bits is comfortably future-proof. Short-lived OTPs can be far weaker (20 bits) because rate limiting and TTL do most of the security work. Match entropy to the threat model, not to a fixed number.

Hex encodes 4 bits per character with the alphabet 0-9 a-f, so a byte takes 2 chars. Base64 encodes 6 bits per character with a 64-character alphabet, so 3 bytes pack into 4 chars — about 33 percent shorter for the same entropy.

No. Hash it with SHA-256 (or BLAKE2/Argon2 if performance allows) and store the digest. When a request arrives, hash the submitted token and compare digests with a constant-time function. This way a database leak does not hand attackers usable credentials.

Because the alphabet length is rarely a power of two, mapping every byte 0-255 directly would bias some characters. The rejection step ensures uniform distribution. The cost is a few extra bytes of randomness per token, which is invisible on modern hardware.

For symmetric keys (HMAC, AES) the bytes are perfectly suitable — pick the format and length that matches the algorithm's key size. For asymmetric keypairs (RSA, ECDSA), use a dedicated key generation tool that runs the algorithm-specific structure.

URL parameters get logged by web servers, captured in browser history, and sent in Referer headers. Tokens that travel in URLs (reset links, magic logins) should be single-use, time-limited, and invalidated as soon as the destination is reached.

No. Each call to crypto.getRandomValues returns fresh entropy from the OS pool. There is no seed and no way to reproduce a previously generated token.

OTPs trade entropy for human usability. The strength comes from short TTL (typically 30-60 seconds), strict rate limiting, and lockout after a small number of failed attempts. Without those controls, 6 digits is trivial to brute-force.

Yes. After the page is loaded, generation requires no network — crypto.getRandomValues is a browser primitive backed by the OS.