About

A 4-digit number spans the range 0000 to 9999, yielding exactly 10,000 possible values. Using Math.random for generation introduces bias due to its pseudo-random nature and reliance on predictable seed states. This tool uses the Web Crypto API (crypto.getRandomValues), a cryptographically secure pseudo-random number generator (CSPRNG) that draws entropy from the operating system. The distinction matters when generated numbers serve as PINs, verification codes, or sample identifiers where predictability constitutes a security or methodological flaw.

The generator preserves leading zeros. The value 0042 is a valid 4-digit string, not the integer 42. Filters for digit uniqueness reduce the pool from 10,000 to 4,536 permutations (10 × 9 × 8 × 7). Excluding specific digits further constrains the space. This tool reports the effective pool size so you can assess collision probability before generating a batch. Note: for sample sizes approaching the pool size, generation time increases due to rejection sampling for uniqueness.

Formulas

The generator produces a uniformly distributed 4-digit string from the range [0000, 9999]. The core operation uses rejection sampling on a cryptographic byte buffer:

n = crypto.getRandomValues(Uint16Array) mod 10000

To eliminate modulo bias, the raw 16-bit value (0 - 65535) is rejected if it falls in the biased tail: values ≥ 60000 are discarded and resampled. This ensures each of the 10,000 outcomes has equal probability p:

p = 110,000 = 0.0001

For unique-digit filtering, the available permutation count is:

P(n, 4) = n × (n − 1) × (n − 2) × (n − 3)

where n = 10 − (number of excluded digits). Collision probability for k samples from a pool of size N follows the birthday approximation:

P_collision ≈ 1 − e^{−k(k − 1)2N}

where k is the batch size and N is the effective pool size after applying all filters.

Reference Data

Constraint	Pool Size	Formula	Example	Use Case
No constraint	10,000	10⁴	0000 - 9999	General purpose
Unique digits only	4,536	P(10,4) − P(9,3)	3847, 1052	PIN codes, tokens
All unique, no zero	3,024	P(9,4)	5193, 8274	Numeric IDs
Only odd digits	625	5⁴	1357, 9911	Odd-constrained sets
Only even digits	625	5⁴ (incl. 0)	2460, 8802	Even-constrained sets
Exclude 1 digit	6,561	9⁴	No 7: 0235	Avoid confusing chars
Exclude 2 digits	4,096	8⁴	No 0,1: 2345	Reduced ambiguity
Exclude 3 digits	2,401	7⁴	No 0,1,2	Specialized codes
Unique + exclude 1	3,024	P(9,4)	3859	Secure tokens
Unique + exclude 2	1,680	P(8,4)	4567	Lottery-style draws
Unique + exclude 3	840	P(7,4)	3456	Small sample spaces
Starts with 1-9	9,000	9 × 10³	1000 - 9999	No leading zero
Palindromes only	90	9 × 10	1221, 7337	Novelty, memory aids
Repeated digits (1111-type)	10	10¹	0000 - 9999	Marker codes
Ascending digits	210	C(10,4)	1234, 0589	Sequential IDs
Sum of digits = 10	219	Stars & bars with bounds	1234, 0505	Checksum-constrained

Frequently Asked Questions

Math.random uses a PRNG (typically xorshift128+ in V8) seeded from a low-entropy source. Its output is deterministic given the seed and fails statistical randomness tests like NIST SP 800-22. crypto.getRandomValues draws from the OS entropy pool (/dev/urandom on Linux, BCryptGenRandom on Windows), producing cryptographically unpredictable output suitable for security-sensitive applications like PIN generation or verification codes.

A Uint16 produces values 0 - 65,535. Taking modulo 10,000 maps 6 values to each remainder 0 - 5,535 but only 5 values to remainders 5,536 - 9,999. This creates a bias of approximately 0.017%. Rejecting values ≥ 60,000 leaves exactly 60,000 values, divisible evenly by 10,000, eliminating modulo bias entirely.

The tool calculates the effective pool size based on your active filters (digit exclusions, uniqueness constraint) and caps the batch size at that pool size. For example, with unique digits and digits 0, 1, 2 excluded, the pool is P(7,4) = 840. Requesting 1,000 with no-duplicates-in-batch enabled will cap at 840 and display a warning toast.

These are independent constraints. "Unique digits within number" means each 4-digit result contains four distinct digits (e.g., 3847 passes, 3347 fails). "No duplicates in batch" means the entire output list contains no repeated numbers. Both can be enabled simultaneously, which constrains the maximum batch size to the permutation count P(n,4).

Use the birthday paradox approximation. For k = 50 numbers from the full pool of N = 10,000, the probability of at least one duplicate is approximately 1 − e^{−1225/20000} ≈ 5.9%. At k = 120, collision probability exceeds 50%. Enable "No duplicates in batch" to guarantee uniqueness at the cost of rejection sampling overhead.

Yes. Excluding 7 or more digits leaves fewer than 4 available digits. With "unique digits" enabled, you need at least 4 available digits. Without uniqueness, you need at least 1. The tool validates this before generation and displays an error toast explaining the minimum digit requirement for the current configuration.