About

Pseudo-random number generators (PRNGs) like linear congruential generators suffer from predictable sequences and short periods. This tool uses the Web Crypto API (crypto.getRandomValues) to produce digits sourced from the operating system's entropy pool. The output digits fall within a configurable range from min to max (default 0 - 9). Modulo bias is eliminated through rejection sampling: any raw 32-bit value that exceeds the largest clean multiple of the range width is discarded and redrawn. This guarantees each digit in the range has equal probability to within cryptographic standards.

Misconfigured random generation causes real damage. Weak randomness in PIN codes, OTP tokens, or sampling indices introduces exploitable patterns. If you enable the uniqueness constraint with a count exceeding the range width, generation is mathematically impossible and the tool will warn you rather than silently fail. Note: this tool generates individual digits (single-character values within a range), not multi-digit numbers. For statistical sampling, remember that true independence requires sampling with replacement (uniqueness off).

Formulas

A raw unsigned 32-bit integer r is drawn from crypto.getRandomValues. The range width w is computed as:

w = max − min + 1

To eliminate modulo bias, compute the rejection threshold t:

t = 2³² − (2³² mod w)

If r ≥ t, discard and redraw. Otherwise, the unbiased digit d is:

d = (r mod w) + min

Where min = minimum digit value (default 0), max = maximum digit value (default 9), w = range width, r = raw 32-bit unsigned integer, t = rejection threshold, d = output digit. The probability of rejection per draw is at most w2³², which for w ≤ 10 is negligible (< 0.00000024%).

Reference Data

Property	PRNG (Math.random)	CSPRNG (crypto.getRandomValues)
Entropy Source	Algorithmic seed	OS entropy pool (hardware noise)
Predictability	Deterministic if seed known	Computationally infeasible to predict
Period Length	~2¹²⁸ (xorshift128+)	Not periodic (reseeded continuously)
Modulo Bias Risk	Yes, if using Math.random × n	Eliminated via rejection sampling
Speed (10k values)	< 1 ms	< 2 ms
Suitable for Cryptography	No	Yes
Suitable for Games	Yes	Yes (overkill)
Suitable for OTP/PIN	No	Yes
Suitable for Sampling	Acceptable	Preferred
Suitable for Simulation	Yes (reproducible seeds)	Not ideal (non-reproducible)
Browser Support	All browsers	All modern browsers (IE11+)
Specification	ECMAScript (implementation-defined)	W3C Web Cryptography API
Uniform Distribution	Approximately uniform	Provably uniform (with rejection)
Digit Range Default	0 - 9	0 - 9
Max Safe Integer	2⁵³ − 1	2³² − 1 per call

Frequently Asked Questions

When mapping a 32-bit integer (range 0 to 2³² − 1) onto a smaller range w, the remainder operation (mod w) creates bias if 2³² is not evenly divisible by w. For example, with w = 10, 2³² = 4,294,967,296 is divisible by 10, so no bias exists. But for w = 7, the last 2 values (out of 2³²) map unevenly. Rejection sampling discards any raw value ≥ the largest multiple of w that fits in 32 bits, then redraws. The expected number of draws per accepted value is less than 2 for any w ≤ 2³¹.

If you set count to 15 but your range is 0-9 (only 10 distinct values) with uniqueness enabled, the tool will display an error and refuse to generate. This is a mathematical impossibility (pigeonhole principle), not a software limitation. Reduce the count to at most max − min + 1, or disable the uniqueness constraint.

Yes. The Web Crypto API draws from the operating system's cryptographic random number generator (e.g., /dev/urandom on Linux, BCryptGenRandom on Windows). It meets the requirements of NIST SP 800-90A for non-deterministic random bit generation. For lottery numbers, enable uniqueness. For PINs, keep uniqueness off (repeating digits are valid in PINs and excluding them reduces the keyspace, making brute-force easier).

A digit is defined as a single numeral from 0 to 9. This tool generates sequences of such digits, which can be concatenated to form multi-digit numbers if needed. For example, generating 4 digits with no separator produces a 4-digit PIN. The range can be narrowed (e.g., 1-6 for dice rolls). This atomic approach gives maximum flexibility for formatting.

With uniqueness enabled, the generation becomes sampling without replacement. The first digit is uniformly distributed across w values. The second digit is uniform across w − 1 remaining values, and so on. Each individual digit is equally likely to appear in any position (marginal uniformity holds), but digits are no longer independent. For statistical simulations requiring independence, disable uniqueness.

The tool caps generation at 10,000 digits per batch. On modern hardware, crypto.getRandomValues can fill a Uint32Array of 10,000 elements in under 2 ms. The bottleneck is DOM rendering of the result string, which is handled by inserting a single text node. For datasets larger than 10,000, generate multiple batches and use the download feature.