Guide · The mechanics of randomness
How Random Number Generators Work
Updated: June 2026
Computers are deterministic machines, which makes "generate a random number" a genuinely strange request — strictly speaking, a normal program can't do anything truly unpredictable. What it can do is run a clever formula that looks random, or tap into physical noise that really is. Understanding the difference tells you when a generator is fine for a game and when it absolutely must not be trusted with a password.
Pseudo-random: a formula and a seed
Most everyday randomness comes from a pseudo-random number generator (PRNG). It starts with a number called the seed and repeatedly applies a mathematical formula, each output feeding the next. The stream of results passes statistical tests for randomness — even spread, no obvious patterns — so for almost all practical purposes it behaves like chance.
But it's entirely deterministic. Feed in the same seed and you get the exact same sequence, every time. That's not a bug; it's sometimes exactly what you want. A game that seeds its world from "1234" can recreate the identical map for every player, and a scientist can rerun a simulation precisely by reusing the seed. Reproducibility is the upside of pseudo-randomness.
Why Math.random isn't secure
In a browser, Math.random() is a PRNG. It's fast, well-distributed and perfect for shuffling a playlist, rolling dice, or picking a colour. What it is not is unpredictable to a determined observer. Its internal state can, in principle, be reconstructed from enough outputs, after which every future number is foreseeable. That disqualifies it for anything security-sensitive: passwords, session tokens, API keys, password-reset codes, or shuffling a real-money card game.
True & cryptographic randomness
A true random number generator draws from physical entropy — electronic noise, timing jitter, sensor static — which is genuinely unpredictable and not reproducible. Operating systems gather this entropy into a pool. A cryptographically secure PRNG (CSPRNG) then stretches that high-quality seed into a long stream that no one can predict or run backwards, even knowing past outputs.
In the browser this is crypto.getRandomValues. It's what the generator on this site uses when you tick Crypto-secure. The numbers still come out instantly, but they're seeded from the operating system's entropy and are safe for codes that protect something. The trade-off is you lose reproducibility — which is the whole point for a secret.
| Type | Predictable? | Repeatable? | Use for |
|---|---|---|---|
| PRNG (Math.random) | Yes, in principle | Yes, with seed | Games, UI, sampling |
| CSPRNG (crypto) | No | No | PINs, tokens, secrets |
| True RNG (hardware) | No | No | Seeding, high-stakes |
From a 0–1 number to your range
Both sources hand back a fraction between 0 and 1 (or raw bytes). To turn that into "a number between min and max", you scale and shift it. For inclusive integers the standard formula is:
The + 1 is what makes the maximum reachable; the leading min + shifts the range so it starts where you asked. One subtlety: naively folding raw random bytes into a range whose size doesn't evenly divide the number of possible raw values introduces a tiny bias toward lower values, so careful generators discard the few out-of-range samples (rejection sampling). For everyday ranges the effect is negligible, but it's why "do it properly" matters when fairness counts.
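The scale-and-shift step and the rejection sampling described above, as an added example that is not this site's own code. It draws 32-bit samples from crypto.getRandomValues rather than single bytes; the names secureRandomInt, cryptoUint32 and foldCounts are hypothetical, and the die-roll range is constructed.

```javascript
// Added example. Names are hypothetical; sample ranges are constructed.
// Browsers and current Node expose Web Crypto globally; older Node needs require.
const webCrypto = globalThis.crypto ??
  (typeof require === "function" ? require("node:crypto").webcrypto : undefined);

const SPACE = 2 ** 32; // distinct values in one unsigned 32-bit sample

// Default source: one 32-bit unsigned integer from the CSPRNG.
function cryptoUint32() {
  const buf = new Uint32Array(1);
  webCrypto.getRandomValues(buf);
  return buf[0];
}

// Uniform integer in [min, max], both inclusive. The source is injectable
// so the rejection path can be exercised with known values.
function secureRandomInt(min, max, nextUint32 = cryptoUint32) {
  if (!Number.isSafeInteger(min) || !Number.isSafeInteger(max) || min > max) {
    throw new RangeError("min and max must be integers with min <= max");
  }
  const span = max - min + 1; // the "+ 1" makes max reachable
  if (span > SPACE) throw new RangeError("range wider than 32 bits");
  // Largest multiple of span that fits in SPACE. Samples at or above it
  // would over-represent the low results, so they are discarded.
  const limit = SPACE - (SPACE % span);
  let x;
  do {
    x = nextUint32();
  } while (x >= limit);
  return min + (x % span); // the leading "min +" shifts the range
}

// Exact tally of results when each of `space` equally likely raw values
// is folded with %, with or without discarding the uneven tail.
function foldCounts(space, span, reject) {
  const limit = reject ? space - (space % span) : space;
  const counts = new Array(span).fill(0);
  for (let x = 0; x < limit; x++) counts[x % span]++;
  return counts;
}

// One byte (256 values) folded into a six-sided die:
console.log("naive   :", foldCounts(256, 6, false).join(" "));
console.log("rejected:", foldCounts(256, 6, true).join(" "));
console.log("secure roll:", secureRandomInt(1, 6));
```

The naive tally shows the four lowest results each landing one extra time out of 256, which is the bias toward lower values; the rejected tally is flat.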
Why short runs look "not random"
People often distrust a good generator because it produced two of the same number, or a little cluster. That instinct is wrong. Genuine randomness is lumpy — streaks and repeats are expected over small samples, and a result that looked perfectly even (1, 2, 3, 4, 5…) would actually be the suspicious one. Uniformity only emerges over thousands of draws. So a few clustered results aren't a flaw; they're evidence the generator isn't artificially smoothing things out.
Frequently asked questions
What's the difference between pseudo-random and true random?
A PRNG runs a formula from a seed, so its sequence is deterministic and repeatable. A true random source draws from physical noise and can't be reproduced.
Is Math.random secure?
No. It's fast and fine for games and UI, but predictable in principle. Never use it for passwords, tokens or anything security-sensitive.
What is a seed?
The starting value of a PRNG. The same seed always yields the same sequence — great for reproducible simulations, bad for secrets.
When should I use the crypto-secure option?
Whenever the number protects something — PINs, verification codes, prize draws. It uses the browser's cryptographic generator and can't be predicted.