Crypto Tools
What It Does
Generates cryptographically secure random bytes using Web Crypto, output in hex, Base64, or Base64url.
How to Use It
- Select the desired byte length (16, 32, 64, etc.).
- Choose the output encoding (hex, Base64, Base64url).
- Click “Generate”.
- Copy the result.
Options Explained
| Option | Description |
|---|---|
| Byte length | Number of random bytes to generate (e.g., 32 = 256 bits) |
| Encoding | Hex, Base64, or Base64url |
| Uppercase (hex) | Display hex digits as A–F |
About Cryptographically Secure Random Bytes
A Cryptographically Secure Pseudo-Random Number Generator (CSPRNG) produces byte sequences that are computationally indistinguishable from true randomness. Unlike ordinary PRNGs (such as Math.random()), a CSPRNG is designed so that an attacker who observes any amount of output cannot predict past or future values, a property called forward and backward secrecy.
This tool uses the Web Crypto API's crypto.getRandomValues() method, which draws entropy from the operating system's secure random source (/dev/urandom on Linux, CryptGenRandom on Windows, SecRandomCopyBytes on macOS). The generated bytes are displayed in hexadecimal, Base64, or raw binary formats and can be downloaded as a file.
The recommended minimum for symmetric encryption keys is 16 bytes (128 bits), with 32 bytes (256 bits) preferred for AES-256. Nonces and initialization vectors typically require 12 bytes (GCM) or 16 bytes (CBC). Always use a CSPRNG — never a general-purpose PRNG — for any security-sensitive value.
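The generation and encoding steps described above, as an added JavaScript example (not the tool's own source). The function names are hypothetical, and stripping "=" padding from Base64url is an assumption. The chunking loop handles getRandomValues() rejecting requests larger than 65,536 bytes.

```javascript
// Added example: not the tool's source code. All function names are hypothetical.
const webCrypto = globalThis.crypto ??
  (typeof require === "function" ? require("node:crypto").webcrypto : undefined);

const QUOTA = 65536; // getRandomValues() rejects requests larger than this

// Fill a Uint8Array of any length from the CSPRNG, one quota-sized chunk at a time.
function randomBytes(length) {
  if (!Number.isInteger(length) || length <= 0) {
    throw new RangeError("length must be a positive integer");
  }
  const out = new Uint8Array(length);
  for (let off = 0; off < length; off += QUOTA) {
    webCrypto.getRandomValues(out.subarray(off, Math.min(off + QUOTA, length)));
  }
  return out;
}

function toHex(bytes, uppercase = false) {
  const hex = Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
  return uppercase ? hex.toUpperCase() : hex;
}

function toBase64(bytes) {
  let binary = "";
  for (const b of bytes) binary += String.fromCharCode(b);
  return btoa(binary);
}

// Assumption: URL-safe alphabet with "=" padding removed (RFC 4648 section 5).
function toBase64Url(bytes) {
  return toBase64(bytes).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

function generate(length, encoding, uppercase = false) {
  const bytes = randomBytes(length);
  switch (encoding) {
    case "hex": return toHex(bytes, uppercase);
    case "base64": return toBase64(bytes);
    case "base64url": return toBase64Url(bytes);
    default: throw new Error(`unknown encoding: ${encoding}`);
  }
}

console.log(generate(32, "hex"));        // 64 hex characters (a 256-bit value)
console.log(generate(12, "base64url")); // 16 characters (a 96-bit value)
```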
Common Use Cases
- Generating symmetric encryption keys (AES-128, AES-256)
- Creating nonces and initialization vectors for cipher modes
- Producing salts for password hashing (PBKDF2, Argon2, scrypt)
- Generating session tokens and CSRF protection tokens
- Seeding deterministic random generators that require a secure seed
- Creating one-time pads and ephemeral key material for key exchange
What Are Cryptographically Secure Random Bytes?
Cryptographically secure random bytes (CSPRNG output) are sequences of bytes generated by a source that is computationally unpredictable — meaning no attacker can predict the next byte even after observing all previously generated bytes. Browsers provide this via crypto.getRandomValues(), backed by the operating system’s entropy pool (e.g., /dev/urandom on Linux, CryptGenRandom on Windows). This stands in contrast to general-purpose pseudorandom generators like Math.random(), which are fast but predictable and must never be used for security-sensitive values such as encryption keys, nonces, or tokens.
Frequently Asked Questions
Why can’t I use Math.random() for cryptography?
Math.random() uses a deterministic PRNG whose internal state can be recovered from a small number of outputs. An attacker could then predict all future values. CSPRNGs draw from hardware entropy and are designed to resist such attacks.
How many bytes do I need for an AES-256 key?
AES-256 requires a 256-bit key, which is 32 bytes. For AES-128, you need 16 bytes. The initialization vector (IV) is typically 12 bytes for GCM or 16 bytes for CBC.
What output formats are available?
The tool can display random bytes as hexadecimal, Base64, or raw decimal values, making it easy to copy the output into code, configuration files, or cryptographic tools.
Are the generated bytes sent to a server?
No. All generation happens locally in your browser using the Web Crypto API. No values are transmitted or stored.