Random Bytes Generator

How to use

1. Pick byte count (1-256) — 16 for an IV, 32 for an HMAC key, 64 for an OAuth client secret.
2. Choose the output format. Use Base64URL for cookies and JWTs (no padding, URL-safe).
3. Click 'Generate' for a fresh value; changing options re-renders the existing bytes.

Frequently asked questions

Is this cryptographically secure?

Yes. It uses `crypto.getRandomValues()`, the Web Crypto API's CSPRNG. All generation happens locally in your browser — bytes never leave your device.

Why 256 bytes max?

For most security uses (keys, tokens, salts) you need 16-64 bytes. Capping prevents accidentally locking the UI with multi-MB output. Use a CLI tool (`openssl rand`, `head /dev/urandom`) for large amounts.

What's the difference between Base64 and Base64URL?

Base64 uses `+`, `/`, and `=` padding — fine for JSON but unsafe for URLs and filenames. Base64URL replaces `+` → `-`, `/` → `_`, drops `=` padding — used in JWTs, OAuth state, and URLs.

Related tools