About

Standard pseudorandom number generators in most languages produce values limited to 2⁶⁴ or roughly 18.4 quintillion. Applications in cryptography, Monte Carlo simulation, and distributed systems routinely require integers with hundreds or thousands of digits. Generating these naively - by concatenating small randoms - introduces modular bias that compromises uniformity. This tool uses the browser's crypto.getRandomValues() CSPRNG to produce byte arrays, then converts them to decimal strings of the exact requested length. For range-constrained generation between arbitrary min and max, it applies rejection sampling to guarantee a perfectly uniform distribution across the interval.

Failure to use a CSPRNG for key material or nonce generation can result in predictable outputs exploitable by attackers. Even non-security contexts suffer: biased sampling in simulations produces skewed statistics. This generator supports lengths up to 10,000 digits and batch sizes up to 10,000 with optional uniqueness enforcement. Note: uniqueness checking at extreme lengths (> 5,000 digits) with large batches may increase memory usage. The tool approximates true uniform distribution; negligible bias from byte-to-decimal conversion is on the order of 1 part in 2¹²⁸.

Formulas

A cryptographically secure random integer with exactly d decimal digits is produced by first generating a byte array of length n = d2 + 1 from the CSPRNG, then converting each byte pair to a two-digit decimal. The first digit is forced to be non-zero by rejection-resampling. For range-constrained generation:

range = max − min + 1

result = min + (R mod range)

where R is a uniformly random integer with enough bits to cover range. To eliminate modular bias, rejection sampling discards values where R ≥ range × 2^krange (floor), with k being the bit length of R. The rejection probability is at most 12, so expected iterations converge rapidly.

Where d = number of decimal digits requested, n = byte array length, R = raw random BigInt, min and max = user-specified range bounds, k = bit length of the sampled value.

Reference Data

Bit Length	Approx. Decimal Digits	Common Use Case	Example Standard
128	39	UUIDs, Session Tokens	RFC 4122
256	78	AES-256 Keys	NIST SP 800-38A
512	155	HMAC Keys, Hash Seeds	FIPS 198-1
1024	309	RSA Keys (legacy)	PKCS #1 (deprecated)
2048	617	RSA Keys (standard)	NIST SP 800-57
3072	925	RSA Keys (128-bit security)	NIST SP 800-57
4096	1,234	RSA Keys (high security)	PKCS #1 v2.2
8192	2,467	Post-quantum research	Experimental
15360	4,622	256-bit equivalent RSA	NIST SP 800-57
32768	9,865	Extreme precision math	Research / HPC
Conversion: digits ≈ bits × log₁₀(2) ≈ bits × 0.30103
Quantity	Typical Time (1000 digits)	Memory Est.	Notes
1	< 1 ms	< 1 KB	Instant
100	< 10 ms	˜ 100 KB	Instant
1,000	˜ 50 ms	˜ 1 MB	Fast
10,000	˜ 500 ms	˜ 10 MB	Progress bar shown

Frequently Asked Questions

When generating a random integer between min and max, a naive modulo operation introduces bias because 2^k is rarely an exact multiple of the range. This tool uses rejection sampling: it generates a random value R with enough bits to exceed the range, then discards values that fall in the biased tail (where R ≥ floor(2^k / range) × range). The expected number of rejections is less than 1, so performance impact is negligible.

The tool generates integers with up to 10,000 decimal digits. This corresponds to approximately 33,219 bits (since bits ≈ digits ÷ 0.30103). This far exceeds current RSA key sizes and is suitable for research, mathematical exploration, and stress-testing parsers.

Yes. The tool uses the Web Crypto API's crypto.getRandomValues(), which sources entropy from the operating system's CSPRNG (e.g., /dev/urandom on Linux, CryptGenRandom on Windows). This meets NIST SP 800-90A requirements. The only caveat: the byte-to-decimal conversion introduces theoretical bias on the order of 1 part in 2¹²⁸, which is negligible for all practical purposes.

Uniqueness is enforced via a Set of string keys. For 10,000 integers each with 10,000 digits, this requires approximately 100 MB of memory. Most modern browsers handle this, but low-memory devices may struggle. The probability of a random collision among 10,000 integers with 100+ digits is astronomically small (approximately 10⁻¹⁹³ for 100-digit numbers), so uniqueness checking is rarely necessary at large digit counts.

When generating an integer with exactly d digits, the first digit must be in the range [1,9]. The tool generates a random byte, takes it modulo 9, adds 1, and uses rejection sampling on bytes ≥ 252 (since 252 = 9 × 28) to eliminate bias. The remaining d−1 digits are generated uniformly from [0,9].

This tool generates random integers, not primes. However, prime candidates for RSA key generation are typically odd random integers of a specific bit length, which you can approximate by generating an odd big integer here. Actual primality testing (Miller-Rabin, Lucas) is a separate computational step not included in this generator.