OpenSSL Rand Generator
Generate cryptographically secure random bytes the way openssl rand does, encoded as base64 or hex, without opening a terminal.
Everything runs locally with the Web Crypto API. Nothing is sent to our servers, logged or stored.
No value yet. Press Regenerate.
This is an estimate based on random generation, not on whether a leaked password has been reused.
Generated locally in your browser. Nothing is sent to our servers, logged or stored.
What openssl rand does
openssl rand draws random bytes from a cryptographically secure generator and encodes them for you. openssl rand -base64 32 prints 32 random bytes as base64, and openssl rand -hex 32 prints them as hex. Both carry the same 256 bits of entropy, they only differ in how the bytes are written.
In the browser the equivalent secure source is crypto.getRandomValues, which is what this tool uses. The result is identical in strength to the command line, with no install and no network call.
Best practices
- Use 32 bytes (256 bits) as a strong default for keys, salts and tokens.
- Choose base64 for compactness or hex for readability, the security is the same.
- Use base64url instead of base64 when the value must live in a URL or header.
More secret generators
Every generator below is the same local, Web Crypto powered tool, preset for a different job. Nothing you generate leaves your browser.
- Secure Password GeneratorPasswords, secrets, tokens and PINs in one place.
- JWT Secret GeneratorStrong HS256 signing secrets for JWT.
- API Key GeneratorOpaque, high entropy keys for API auth.
- Random Token GeneratorSession, reset and verification tokens.
- Passphrase GeneratorMemorable multi word passphrases.
- PIN GeneratorQuick numeric PIN codes.
Frequently asked questions
What is the browser equivalent of openssl rand?
crypto.getRandomValues. It fills an array with cryptographically secure random bytes from the same kind of CSPRNG that OpenSSL uses, which you can then encode as hex or base64.
Does openssl rand -base64 32 mean 32 characters?
No, it means 32 random bytes. Encoded as base64 those 32 bytes become a 44 character string (or 43 without padding). The 32 refers to bytes, not output length.
Is base64 or hex better?
Neither is more secure. For the same byte count they hold the same entropy. Base64 is shorter, hex is easier to read and copy by hand.
Is this safe to use for production secrets?
Yes. The randomness comes from the Web Crypto API and never leaves your browser. Generate the secret, copy it into your secret manager, and it is gone from the page when you close it.