This tool generates cryptographically secure key material. Unlike the existing random-string and password generators (which use Math.random() and are unfit for secrets), this tool is entropy-driven and CSPRNG-backed.
Entropy-driven input. You specify a target entropy in bits (default 256, step 8) — the security strength you want — and the tool derives the byte count (bytes = ceil(bits/8)) for you. This is the right mental model for keys: a JWT HS256 secret needs 256 bits of entropy regardless of how many characters represent it. Don't think "how many characters", think "how much security".
Two output branches:
Byte encoding (default — leave Custom Alphabet empty). Generates ceil(entropyBits/8) random bytes with crypto.randomBytes() and renders the same material in three encodings side by side — hex, base64, base64url — so you can copy whichever your consumer expects. Each byte contributes exactly 8 bits of entropy, so delivered entropy always equals what you requested.
Custom alphabet (fill Custom Alphabet). Samples crypto.randomInt(alphabetSize) per character — internally rejection-sampled by Node, so no modulo bias and no hand-written rejection loop needed. The actual entropy is length × log₂(alphabetSize), which may be less than requested (e.g. 32-symbol alphabet × 10 chars = 50 bits, not 256); the tool warns you in red when this happens, because a short custom-alphabet string can be far weaker than it looks.
Why three encodings side by side? A 256-bit key is 64 hex chars, ~44 base64 chars, or 43 base64url chars. Different systems expect different formats; showing all three lets you pick correctly without re-running.
Use cases: AES-256 keys, HMAC keys, JWT signing secrets, API keys, session secrets, any value an attacker must not be able to guess. crypto.randomBytes() and crypto.randomInt() draw from the OS CSPRNG — never Math.random().