Random Number Generator (cryptographically secure, unique mode)
Pick a min, max, and count to generate cryptographically secure random integers. Toggle 'unique' for sample-without-replacement (raffles, lotteries).
How it works
Why this is actually random
We use crypto.getRandomValues — the browser's cryptographically secure random source — instead of Math.random(). The CSPRNG output can't be predicted from prior values, which matters for lottery picks, gambling-adjacent applications, and any use where 'random' is a real requirement, not just 'arbitrary'.
We also use rejection sampling to make the distribution exactly uniform across the chosen range. Naive 'random % range' introduces bias when the range doesn't divide evenly into 2³². Rejection sampling discards values that would cause bias and tries again, so every number in your range has exactly the same probability.
Unique vs duplicate-allowed
Default mode: each number is independent — duplicates can occur. This is what 'random' usually means in casual use (rolling dice, picking a movie, randomized testing).
Unique mode: sample without replacement — once a number is picked, it can't be picked again in the same batch. Useful for: lottery picks (e.g., 6 numbers from 1-49), raffles (drawing winners), team assignments, and any 'pick N from M' situation. Requires count ≤ range.
Common use cases
Lottery / raffle: 6 unique numbers from 1-49, or whatever your draw uses. Toggle 'unique' on.
Dice rolls: range 1-6 (or 1-20 for D20). Leave 'unique' off so each roll is independent.
Random sampling for testing: pick 10 random user IDs from 1-10000 to spot-check. Use 'unique' to avoid duplicates.
Simulating coin flips: range 0-1, multiple results. Tally heads/tails for fairness checks (you'll see ~50/50 on large samples).
Frequently asked questions
›Is this fair for raffles or lotteries?
The randomness is cryptographically secure and unbiased. Whether it's legally 'fair' for an official lottery depends on your jurisdiction's rules — many require certified hardware RNGs.
›What's the difference from Math.random()?
Math.random() uses an algorithm whose output can be predicted from prior outputs by an attacker. crypto.getRandomValues uses an OS-level cryptographic RNG that can't be predicted. For real fairness, use this.
›Can I get negative numbers?
Yes. Set min to a negative value.
›What's the maximum range?
Limited by JavaScript's safe integer range (~2⁵³), but practically you can go to billions without trouble. The rejection-sampling technique handles any range correctly.
›Why does 'unique' fail when count > range?
If you pick 10 unique numbers from 1-5, four don't exist. The validation catches this and asks you to widen the range or reduce the count.
›Does this work for dice rolls?
Yes — set range to 1-6 (or whatever your dice are) and turn off 'unique' so each roll is independent.
›Can I save the seed and reproduce?
No — secure random by design has no seed. If you need reproducible 'random' for testing, use a seeded PRNG library.
›Is the data sent anywhere?
No. Generation is entirely local.
Related tools
Last updated: