User Rating 0.0 ★★★★★

Total Usage 0 times

Category Text Generators

Number of Codes 1 – 50,000

Code Length 2 – 32 characters (excluding prefix/suffix)

Prefix Optional, max 10 chars

Suffix Optional, max 10 chars

Separator

Separator Every Insert separator every N characters

Character Sets

A–Z Uppercase a–z Lowercase 0–9 Digits Exclude Ambiguous (0, O, I, l, 1)

Custom Characters Additional characters to include in pool

Output Case

Presets:

Configure options and press Generate Codes

Is this tool helpful?

Your feedback helps us improve.

★ ★ ★ ★ ★

About

Promotional codes require cryptographic unpredictability. A guessable pattern (sequential numbers, dictionary words, short alphanumerics) exposes your system to brute-force enumeration. An attacker cycling through 36⁴ = 1,679,616 possible 4-character alphanumeric codes can drain a campaign budget in minutes. This generator uses the browser's crypto.getRandomValues() CSPRNG, producing codes with entropy of log₂(P^L) bits, where P is pool size and L is code length. A 10-character code from a 62-character pool yields ~59.5 bits of entropy, making enumeration computationally infeasible.

The tool enforces uniqueness via hash-set deduplication across the full batch. Codes support configurable prefixes (brand identity), separators (readability), and mixed character sets. Note: the maximum unique code count is bounded by P^L. Requesting more codes than the pool allows will halt generation and report the shortfall. Pro tip: avoid visually ambiguous characters (0/O, 1/l/I) in printed campaigns by enabling the "Exclude Ambiguous" option.

Formulas

The entropy of a randomly generated code determines its resistance to guessing attacks. Entropy is calculated as:

H = L ⋅ log₂(P)

where H = entropy in bits, L = code length (excluding prefix, suffix, separators), P = character pool size (number of distinct characters).

The total number of unique codes possible in the configuration space:

N_max = P^L

The probability of guessing a valid code in a single attempt:

p = nP^L

where n = number of active (issued) codes. For a batch of 10,000 codes with L = 10 and P = 62, this yields p ≈ 1.19 × 10⁻¹⁴.

Collision probability (Birthday bound) when generating n codes without deduplication:

P_collision ≈ 1 − e^{−n²2 ⋅ P^L}

This tool bypasses the birthday problem entirely by enforcing uniqueness through Set-based deduplication. Each generated code is checked against all previously generated codes in O(1) average time. If the requested batch size n approaches N_max, generation halts to prevent infinite loops.

Reference Data

Code Length	Pool Size	Unique Combinations	Entropy (bits)	Brute-Force Time @ 1M/s	Use Case
4	36 (A-Z+0-9)	1.68M	20.7	1.7 sec	One-time flash sales (low risk)
6	36	2.18B	31.0	36 min	Email campaigns
8	36	2.82T	41.4	32.7 days	General purpose coupons
8	62 (A-Z+a-z+0-9)	218T	47.6	6.9 years	High-value discounts
10	62	839Q	59.5	26.6K years	Gift cards, subscriptions
12	62	3.23 × 10²¹	71.5	102M years	License keys
16	62	4.77 × 10²⁸	95.3	>10¹⁵ years	Cryptographic tokens
6	10 (0-9 only)	1M	19.9	1 sec	SMS verification PINs
8	32 (no ambiguous)	1.10T	40.0	12.7 days	Printed vouchers (legibility)
4	26 (A-Z only)	456,976	18.8	0.46 sec	Simple referral codes
10	36	3.66 × 10¹⁵	51.7	116 years	E-commerce standard
20	62	7.04 × 10³⁵	119.1	>10²² years	Enterprise API keys

Frequently Asked Questions

The generator uses the browser's crypto.getRandomValues() API, which is a cryptographically secure pseudo-random number generator (CSPRNG) seeded by the operating system's entropy pool. Each character index is selected using rejection sampling to eliminate modulo bias. For a 10-character code from a 62-character pool, an attacker would need approximately 8.39 × 10¹⁷ attempts to enumerate all possibilities - over 26,000 years at 1 million guesses per second.

The generator calculates the maximum possible unique codes as P^L (pool size raised to code length) before starting. If your requested quantity exceeds 80% of this maximum, a warning is displayed because collision rates increase exponentially near the ceiling. If it exceeds 100%, generation is blocked. For example, requesting 2 million unique 4-character codes from a 36-character pool (max 1,679,616) is impossible and will be rejected with a specific error.

In print media, thermal receipts, and low-resolution displays, the glyphs for zero (0) and capital O, one (1), lowercase L (l), and capital I are often indistinguishable. A customer mistyping a single character means a failed redemption and a support ticket. The "Exclude Ambiguous" option removes the set {0, O, I, l, 1} from the pool, reducing it from 62 to 57 characters (or 36 to 31 for uppercase+digits). The entropy reduction is minimal (~0.6 bits per character) but the usability improvement is significant for offline channels.

Separators (e.g., dashes in XXXX-XXXX-XXXX) are purely cosmetic formatting. They do not contribute to entropy because their positions and characters are fixed and predictable. A code displayed as AB3K-9MPQ has exactly the same entropy as AB3K9MPQ. However, separators improve human readability and reduce transcription errors by ~25% according to UX research on alphanumeric string entry.

For promo codes and discount coupons (validated server-side against a database), this generator is fully sufficient. For license keys that must be validated offline without a database lookup, you would additionally need an embedded checksum or cryptographic signature - the Luhn checksum option provides basic tamper detection for numeric codes. For API tokens requiring authentication-grade security, codes should be at least 32 characters from the full 62-character alphanumeric pool (≈190 bits of entropy), matching industry standards like those used by Stripe and AWS.

The generator handles up to 50,000 codes per batch. Generation of 10,000 10-character codes from a 62-character pool typically completes in under 200ms on modern hardware. The primary bottleneck is DOM rendering, not code generation. For batches exceeding 1,000 codes, the output is rendered in chunks to keep the UI responsive. Memory usage scales linearly at approximately 50 bytes per code for a 10-character length.