The random numbers listed below are generated using the build-in Math.random() function of your browser’s JavaScript engine. Different browsers use different pseudo-random number generators, which is why I added my own “salting” approach to put some more randomness into the mix. An introduction to the mathematical theory relevant to the analysis and understanding of randomness can be found here.

Note: If you require a better level of randomness, check out random.org, where the randomness comes from atmospheric noise and not from some kind of mathematical relationship or mouse movements.

Your mouse movements are used as an additional randomness source. 0 events have been recorded. If the button turns green, a lot of custom randomness from move movements has been accumulated—then click it.1
Current 128-bit random salt to modify the built-in PRNG: supposed to be replaced by JavaScript

Randomness ready for Copy&Paste

Passwords

The following randomly generated passwords either use alphanumeric or extended alphanumeric character sets.

Alphanumeric passwords

  • 10 characters: supposed to be replaced by JavaScript
    supposed to be replaced by JavaScript
  • 16 characters: supposed to be replaced by JavaScript
    supposed to be replaced by JavaScript
  • 20 characters: supposed to be replaced by JavaScript
    supposed to be replaced by JavaScript
  • 32 characters: supposed to be replaced by JavaScript
    supposed to be replaced by JavaScript
  • 43 characters: supposed to be replaced by JavaScript
    supposed to be replaced by JavaScript

Extended alphanumeric passwords

  • 10 characters: supposed to be replaced by JavaScript
    supposed to be replaced by JavaScript
  • 16 characters: supposed to be replaced by JavaScript
    supposed to be replaced by JavaScript
  • 20 characters: supposed to be replaced by JavaScript
    supposed to be replaced by JavaScript
  • 32 characters: supposed to be replaced by JavaScript
    supposed to be replaced by JavaScript
  • 41 characters: supposed to be replaced by JavaScript
    supposed to be replaced by JavaScript

Note: Those passwords are safely generated on your computer using JavaScript. They are not retrieved from or communicated to the server.

Random strings

Here are 1000 random characters using different sets of characters, ready for copy&paste.

Numbers

supposed to be replaced by JavaScript

  • Character count: supposed to be replaced by JavaScript
  • Distribution info: supposed to be replaced by JavaScript
  • Information content: supposed to be replaced by JavaScript

Lower-case letters

supposed to be replaced by JavaScript

  • Character count: supposed to be replaced by JavaScript
  • Distribution info: supposed to be replaced by JavaScript
  • Information content: supposed to be replaced by JavaScript

Alphanumerical Characters

supposed to be replaced by JavaScript

  • Character count: supposed to be replaced by JavaScript
  • Distribution info: supposed to be replaced by JavaScript
  • Information content: supposed to be replaced by JavaScript

Alphanumerical + Some Special Characters “~@#$%^*()_+-={}|][”

supposed to be replaced by JavaScript

  • Character count: supposed to be replaced by JavaScript
  • Distribution info: supposed to be replaced by JavaScript
  • Information content: supposed to be replaced by JavaScript

Statistics info and entropy definitions

The usual measure for the information content of a string is the Shannon entropy. Let \(s\) be the random string of length \(n\) and \(\{ c_1, ..., c_r \}\) be the list of unique characters in the string. Furthermore, let \(k_i\) be the number of occurrences of the character \(c_i\) in the random string \(s\), then the Shannon entropy \(H(s)\) is defined by \[ H(s) = -\sum_{i=1}^r p_i \cdot \log_2(p_i), \] where \(p_i = \frac{k_i}{n}\) is the probability of the character \(c_i\) occuring. It describes the information content of a single character of the string \(s\), such that the total information content of the random string \(s\) is given by \(n\cdot H(s)\). An optimal (non-compressed) character set representation requires the next largest integer number \(\lceil H(s) \rceil\) of bits per character, such that storing the string requires \(n \cdot \lceil H(s) \rceil\) bits.

The normalized entropy or efficiency of a random string is defined by the Shannon entropy divided by the logarithm of the string length and measures the how equally distributed the unique characters are in the string: \[ \eta(s) = -\sum_{i=1}^r \frac{p_i \cdot \log_2(p_i)}{\log_2(n)} = \frac{H(s)}{\log_2(n)} \] Note that the normalized entropy is always in the range \(\eta(s)\in[0,1]\), where \(1\) is a perfectly randomized (flat) distribution of the characters.

If an alphabet \(\{a_1,...,a_m\}\) of \(m\) characters is given, there are \(2^{n\cdot m}\) possible combinations to construct a string of length \(n\). In a perfect setting, an alphabet of length \(m\) implies that each letter carries \(\log_2(m)\) bits of information, such that the theoretical maximum information content of a string of length \(n\) is \(n \cdot \log_2(m)\) bits.

String entropy analyzer

Simply test out the changes in entropy—according to the formulas discussed—by typing some text into the text field provided below:

  • Character count: supposed to be replaced by JavaScript
  • Distribution info: supposed to be replaced by JavaScript
  • Information content: supposed to be replaced by JavaScript

A somewhat detailed introduction to the mathematical theory relevant to the analysis and understanding of randomness can be found here.

  1. The random strings and passwords are not automatically updated once a certain level of randomness has been aggregated, just in case one would like to investigate “before” and “after” situations. In any case, a simple click is really not too much to ask…