How Random Number Generators Work
Randomness is a deceptively complex idea in computing. A computer is a deterministic machine — given the same inputs, it will always produce the same outputs. So how does it generate numbers that appear to have no pattern at all? The answer lies in algorithms specifically designed to simulate unpredictability, and the distinction between how those algorithms work has real consequences for security, fairness, and scientific validity.
Pseudorandom vs. Cryptographically Secure Randomness
Most programming languages include a basic random number function. In JavaScript, that function is Math.random(). It uses a pseudorandom number generator (PRNG) — an algorithm that starts from an internal seed value and produces a long sequence of numbers that look random but are entirely determined by that seed. If you know the seed and the algorithm, you can predict every number in the sequence. For casual use like shuffling a playlist this is perfectly fine, but it is dangerously inadequate for anything involving security, gambling fairness, or cryptographic operations.
This tool uses crypto.getRandomValues(), a Web Cryptography API provided by your browser. Instead of a simple algorithm, it draws entropy from hardware-level sources — mouse movements, CPU timing jitter, thermal noise from your device's components, and other unpredictable physical phenomena collected by your operating system's entropy pool. The result is a cryptographically secure pseudorandom number generator (CSPRNG) whose output is computationally infeasible to predict, even with knowledge of prior outputs.
Why the Difference Matters
Consider generating a one-time password or selecting a winner from a pool of contest entrants. If Math.random() is used, a sufficiently motivated attacker could reverse-engineer the PRNG state and predict future values. With crypto.getRandomValues(), this is not feasible. The security guarantees of a CSPRNG are what make it suitable for generating encryption keys, session tokens, and any value where predictability equals vulnerability.
Common Use Cases for Random Number Generation
- Games and tabletop RPGs — Simulating dice rolls, drawing cards, or generating random encounters. The dice roller mode in this tool supports standard polyhedral dice used in systems like Dungeons & Dragons (d4, d6, d8, d10, d12, d20).
- Statistics and sampling — Selecting a random subset from a population for surveys, A/B tests, or academic research. The no-duplicates option ensures each selected value is unique, which is essential for unbiased sampling.
- Lotteries and raffles — Picking winners fairly from a numbered list of participants. Cryptographic randomness ensures no participant has a statistical edge.
- Password and token generation — Creating unpredictable numeric codes for PINs, verification codes, or authentication tokens where security is critical.
- Simulations and modeling — Monte Carlo methods, risk analysis, and other computational techniques that depend on large sets of random inputs to approximate complex systems.
- Education — Teaching probability, statistics, and computer science concepts with hands-on generation of random data sets.
Frequently Asked Questions
Is Math.random() truly random?
No. Math.random() is pseudorandom. It produces numbers that appear random but are generated by a deterministic algorithm. The sequence is entirely reproducible if the internal state is known. It is adequate for non-security tasks like animations or casual games, but should never be used where unpredictability is a requirement.
What is cryptographic randomness?
Cryptographic randomness refers to output from a generator that is computationally infeasible to predict, even for an attacker who has observed previous outputs. Browsers implement this through the Web Cryptography API, which gathers entropy from your operating system's hardware-based sources. This level of randomness is required for generating encryption keys, secure tokens, and any value where predictability would create a vulnerability.
Can random numbers repeat?
Yes, by default. If you generate numbers within a range, any number in that range can appear more than once — just like rolling a die can produce the same face multiple times. This is expected behavior for independent random events. If your use case requires unique values (such as selecting lottery numbers or sampling without replacement), enable the "No duplicates" option. Note that generating unique numbers requires the range to be at least as large as the quantity requested.
Is this tool safe for security-sensitive use?
This tool uses the same cryptographic primitive (crypto.getRandomValues) that browsers use internally for TLS, WebAuthn, and other security features. However, the generated numbers are displayed on screen and may be visible to screen-capture software or browser extensions. For generating secrets that must remain confidential, use a dedicated password manager or key-generation utility in a controlled environment.
This random number generator is completely free, runs entirely in your browser, and sends no data to any server. Bookmark this page for quick access whenever you need secure random numbers, dice rolls, or duplicate-free number sets.