Tech

Random String Generator

Q: How is this different from the password generator?

This produces strings with any alphabet and length, with no "strength" rules. Built for slugs, short IDs, internal tokens and test data, not human login.

Q: Can I use it as a short ID like nanoid?

Yes. Base62 with length 21 gives ~125 bits of entropy, the same as a default nanoid.

Q: How is entropy calculated?

Bits = length × log2(alphabet size). For example, 16 characters from a 36-symbol alphabet = 16 × log2(36) ≈ 82 bits.

Q: Can I use it for passwords?

You can, but the password generator has a more polished UI for that case (separate character types, strength meter). This one gives more alphabet flexibility.

Generate random strings with the alphabet and length you need. Useful for tokens, slugs, short IDs, test data and unique filenames.

When to use a random string

Random strings serve very different purposes depending on context. They're not the same as a password, even though they're generated the same way underneath. Common cases:

Internal tokens: beta invitation codes, signed download links, password reset tokens.
Short IDs: a shorter alternative to UUID when readability or length matters (URL slugs, visible IDs).
Unique filenames: to prevent collisions when uploading to S3, R2 or GCS.
Test data: filling text fields in seeds and fixtures without making them look realistic.
Coupon codes: when you want something shorter than a UUID but still secure.

Choosing the alphabet

The alphabet affects readability, entropy per character, and where you can use the string.

Digits only (10): 3.32 bits/char. For one-time codes (OTP).
Lowercase alphanumeric (36): 5.17 bits/char. Good for URL slugs.
Base62 (62): 5.95 bits/char. Standard for short IDs and tokens.
Hex (16): 4 bits/char. Compatible with almost everything.
With symbols (~95): 6.57 bits/char. Only when the destination supports them.

How entropy is calculated

The formula is bits = length × log2(N), where N is the alphabet size. Practical examples:

16 alphanumeric characters = 95 bits. Plenty for any internal token.
21 base62 characters = 125 bits. The nanoid default.
32 hex = 128 bits. Equivalent to a UUID v4.
43 base62 = 256 bits. For master encryption keys.

Below 64 bits, assume an attacker can brute-force it. Above 128 bits, it's out of reach even with massive compute.

Token best practices

If the token goes in a URL, avoid symbols that need escaping.
If humans will read it, skip ambiguous characters (0, O, 1, l, I).
Store a hash if the token is used for authentication, not plaintext.
Give it a real expiration, not infinite.
Log usage (creation, first use, last use at minimum).

When NOT to use this generator

Don't use it as a primary password for a human account — the password generator is tuned for that. Don't use it for IDs that need to be coordinated across distributed systems — UUID v4 or v7 is the right tool there. And don't use it for data that has to be stable: every generation produces something different, unless you copy and paste.

FAQ

How is this different from the password generator?

This produces strings with any alphabet and length. The password generator is optimized for human login with a strength meter.

Can I use it as a short ID like nanoid?

Yes. Base62 with length 21 gives ~125 bits, same as nanoid by default.

How is entropy calculated?

bits = length × log2(alphabet size). 16 characters from a 36-symbol set ≈ 82 bits.

Can I use it for passwords?

Yes, but the dedicated password generator has a more polished UI for that case.