Random Number Generator
Free random number generator with custom range, count, and duplicate control. Uses cryptographic randomness in your browser.
This random number generator produces integers in any range you specify, powered by the Web Crypto API for cryptographic-quality randomness. Set a minimum, maximum, and quantity, choose whether duplicates are allowed, and generate up to 100 numbers per batch. Everything runs locally in your browser - no data leaves your device.
About Random Number Generator
How Does the Random Number Generator Work?
The tool uses crypto.getRandomValues(), part of the W3C Web Cryptography API. This function draws entropy from your operating system's secure random source (CryptGenRandom on Windows, /dev/urandom on Linux, SecRandomCopyBytes on macOS). The API has been available across all major browsers since July 2015 and works on both HTTP and HTTPS pages, making it one of the most widely supported web platform features.
To produce an unbiased integer within your chosen range, the tool uses rejection sampling. It generates random bytes, converts them to a number, and discards any value that would introduce modulo bias. This guarantees a perfectly uniform distribution across the range, meaning every possible outcome has exactly the same probability.
| Setting | What It Controls | Default |
|---|---|---|
| Minimum | The lowest number in the range (inclusive) | 1 |
| Maximum | The highest number in the range (inclusive) | 100 |
| Quantity | How many numbers to generate (1-100) | 1 |
| Allow duplicates | Whether the same number can appear more than once | Yes |
| Sort | Display order: unsorted, ascending, or descending | Unsorted |
The tool validates inputs in real time. If you disable duplicates and request more numbers than exist in the range, it flags the conflict immediately rather than producing an error mid-generation.
Cryptographic vs Pseudo-Random: Why It Matters
Most programming languages default to a pseudo-random number generator (PRNG) for general-purpose random numbers. JavaScript's Math.random(), for example, typically uses the xorshift128+ algorithm. PRNGs are fast, but they are deterministic - given the same seed, they produce the exact same sequence every time. In 2015, security researchers demonstrated that the internal state of V8's Math.random() could be reconstructed from just a few outputs, making the subsequent sequence fully predictable.
A cryptographically secure pseudo-random number generator (CSPRNG) like the one behind crypto.getRandomValues() is fundamentally different. The U.S. National Institute of Standards and Technology (NIST) defines the requirements for CSPRNGs in Special Publication 800-90A, specifying approved algorithms including Hash_DRBG, HMAC_DRBG, and CTR_DRBG (typically built on AES). The core guarantee is that knowing any amount of past output should not help predict future output.
| Property | Math.random() (PRNG) | crypto.getRandomValues() (CSPRNG) |
|---|---|---|
| Randomness source | Algorithmic seed (often time-based) | OS entropy pool (hardware events, interrupt timing, thermal noise) |
| Predictability | Deterministic - state can be reconstructed | Computationally infeasible to predict |
| Uniform distribution | Approximately uniform (minor biases possible) | Cryptographically uniform after rejection sampling |
| Security use | Not suitable (state recovery attacks demonstrated) | Suitable for keys, tokens, nonces, and lottery draws |
| Speed | ~200M values/second | ~50M values/second (slower due to entropy gathering) |
| Standard | No formal specification | W3C Web Crypto API, backed by NIST SP 800-90A algorithms |
For generating a handful of random numbers, the speed difference is irrelevant. The security difference matters when the stakes are real - prize draws, access codes, random assignment in experiments, or any scenario where predictability would be a problem.
Common Use Cases
| Use Case | Settings | Example |
|---|---|---|
| UK Lotto draw (6 from 59) | 1-59, 6 numbers, no duplicates | 7, 14, 22, 38, 45, 51 |
| US Powerball (5 from 69) | 1-69, 5 numbers, no duplicates | 12, 23, 34, 45, 56 |
| EuroMillions (5 from 50) | 1-50, 5 numbers, no duplicates | 3, 17, 28, 39, 44 |
| Classroom name picker | 1-(class size), 1 number | Student number 17 |
| Random group assignment | 1-(number of groups), (class size) numbers, allow duplicates | Each student gets a group number |
| Giveaway winner | 1-(entry count), 1 number, no duplicates | Entry #842 wins |
| D&D dice simulation | 1-20, multiple numbers, allow duplicates | 14, 3, 19, 7, 11 |
| PIN generation | 0-9, 4-6 numbers, allow duplicates | 7, 3, 0, 9 |
| Test data seeding | Any range, 100 numbers | Batch of random integers for database testing |
| Raffle ticket numbers | 1000-9999, quantity needed, no duplicates | Unique 4-digit ticket numbers |
Lottery organisations use certified hardware random number generators that comply with standards like the World Lottery Association (WLA) Security Control Standard. This tool uses the same class of randomness algorithm (CSPRNG) but runs in a browser rather than on certified hardware, so it is ideal for informal draws, classroom picks, and personal use rather than regulated gambling.
The Probability Behind Random Draws
Understanding the maths behind random number generation helps set expectations about what outcomes to expect.
Probability of hitting a specific number: In a uniform distribution over a range of size R, each number has a probability of exactly 1/R. For a range of 1 to 100, each number has a 1% chance per draw.
Probability of missing a specific number: After N independent draws from a range of R, the probability of never seeing a particular number is (1 - 1/R)^N. For 100 draws from a 1-100 range, the chance of missing any given number is (99/100)^100, which works out to about 36.6%. That means after 100 draws you still have roughly a one-in-three chance of not having seen a particular number.
The coupon collector problem: How many draws does it take to see every number at least once? The expected count is R x H(R), where H(R) is the Rth harmonic number (the sum 1/1 + 1/2 + ... + 1/R). For R = 100, H(100) is approximately 5.187, so you would need about 519 draws on average to see all 100 numbers at least once. For R = 50, it takes about 225 draws. The formula grows as roughly R x ln(R) + 0.577R (where 0.577 is the Euler-Mascheroni constant).
| Range Size | Expected Draws to See All Numbers | Probability of a Duplicate in 10 Draws |
|---|---|---|
| 6 (standard die) | ~15 | 99.97% |
| 10 | ~29 | 99.95% |
| 50 | ~225 | 63.2% |
| 100 | ~519 | 37.2% |
| 365 (birthday problem) | ~2,365 | 11.7% |
| 1,000 | ~7,485 | 4.4% |
The birthday problem: The "duplicate in 10 draws" column shows how the birthday paradox works in practice. With just 23 people in a room, there is a greater than 50% chance that two share a birthday (range = 365). The collision probability scales with the square of the sample size relative to the range. The general formula is: P(collision) = 1 - product from i = 0 to n-1 of (R - i)/R. This is why duplicate numbers show up far sooner than most people expect when drawing with replacement.
Duplicates On vs Off: Which Should You Pick?
| Setting | Behaviour | Best For |
|---|---|---|
| Duplicates allowed | Each number is drawn independently - same number can appear multiple times | Dice simulation, Monte Carlo sampling, test data, statistical experiments |
| No duplicates | Each number appears at most once (sampling without replacement) | Lottery draws, raffle picks, random ordering, unique group assignment |
When duplicates are off, the tool enforces that the count cannot exceed the range size. Requesting 10 unique numbers from a range of 1-5 is impossible, and the tool flags this before generating. Internally, it uses a Set to track drawn values and keeps generating until the required count of unique values is reached.
Worked example: Suppose you are running a raffle with 200 entries numbered 1-200 and need to pick 3 winners. Set min to 1, max to 200, count to 3, and turn off duplicates. The tool generates three unique numbers - say 47, 132, and 89. Each of the 200 entries had an exactly equal 1/200 (0.5%) chance of being selected, and no entry can win twice.
How Do You Test If a Random Generator Is Fair?
NIST publishes a Statistical Test Suite (SP 800-22) with 15 tests designed to detect non-randomness in bit sequences. The tests include frequency analysis (are 0s and 1s equally likely?), runs tests (are sequences of identical bits the expected length?), and spectral tests (are there hidden periodic patterns?). A generator that passes all 15 tests is considered statistically indistinguishable from a true random source for practical purposes.
For quick informal testing, you can run this generator with a large batch and check for obvious patterns. Generate 100 numbers in a range of 1-10 and count how often each number appears. With a fair generator, each value should appear roughly 10 times, though some variation is normal. If one value appears 25 times while another appears twice, that would suggest a problem. The expected standard deviation for each count is the square root of N x p x (1 - p), which for 100 draws from 10 values works out to about 3. Counts within plus or minus 6 of 10 are perfectly normal.
Tips and Common Mistakes
Modulo bias: A common mistake when writing random number generators is using the modulo operator directly (e.g. randomByte % range). If the range does not evenly divide the number of possible byte values, some outcomes become slightly more probable than others. For a concrete example, if you generate a random byte (0-255) and take the result modulo 100, the numbers 0-55 each have a 3/256 chance while 56-99 each have a 2/256 chance. That is a 50% bias toward lower numbers. This tool avoids the problem entirely through rejection sampling - discarding values that fall outside a uniform boundary and regenerating.
Seed confusion: Unlike random.org (which uses atmospheric noise) or hardware RNGs (which use electronic noise), browser CSPRNGs mix multiple entropy sources from the operating system. You do not need to "seed" this generator manually. The OS handles entropy collection continuously from hardware interrupts, disk timing, mouse movements, and other unpredictable events.
Large ranges and performance: Because the tool uses rejection sampling, very large ranges rarely require more than one or two extra random byte reads. The rejection rate is at most 50% for any range size, so generation is fast even for ranges up to the tool's 2,000,001-value maximum (from -1,000,000 to 1,000,000).
Range limits: This tool supports a minimum of -1,000,000 and a maximum of 1,000,000 with up to 100 numbers per batch. For generating random strings, UUIDs, or passwords, use the dedicated password generator or UUID generator instead.
For standard tabletop dice (d4, d6, d8, d10, d12, d20, d100), the dice roller offers a purpose-built interface with advantage/disadvantage modes and roll history. Everything on this page runs entirely in your browser with zero data sent to any server.
Sources
- MDN - Crypto.getRandomValues() Web API
- NIST SP 800-22 - Statistical Test Suite for Random Number Generators
- NIST SP 800-90A - Recommendation for Random Number Generation Using Deterministic Random Bit Generators
- RFC 4086 - Randomness Requirements for Security
- Random.org - Introduction to Randomness and Random Numbers
Frequently Asked Questions
How are the random numbers generated?
This tool uses the Web Crypto API (crypto.getRandomValues) available in all modern browsers. It produces cryptographically secure random values, meaning the output is suitable not only for games and drawings but also for security-sensitive applications.
Can I generate random numbers without duplicates?
Yes. Toggle the "Allow duplicates" option off and the tool will ensure every number in the result set is unique. Note that when duplicates are disallowed, the count cannot exceed the size of the range (max minus min plus one).
What is the maximum range I can use?
You can set the minimum as low as -1,000,000 and the maximum as high as 1,000,000. You can generate up to 100 numbers per batch.
Is this suitable for lotteries or prize drawings?
The randomness quality is cryptographic-grade, which is stronger than what most lotteries require. However, for official regulated drawings, you may need to use certified hardware random number generators to comply with local laws.
Related Tools
Link to this tool
Copy this HTML to link to this tool from your website or blog.
<a href="https://toolboxkit.io/tools/random-number-generator/" title="Random Number Generator - Free Online Tool">Try Random Number Generator on ToolboxKit.io</a>