Browser Entropy Source Tester

Verify that crypto.getRandomValues works in the current browser environment

Runs a sanity check on the browser Web Crypto CSPRNG: generates a batch of random bytes via crypto.getRandomValues, builds a byte-frequency distribution, and confirms the Shannon entropy exceeds 7.9 bits per byte. Shows developers and auditors that the browser random source is functioning correctly. It runs free in your browser on Gera Tools, with nothing uploaded.

Last updated Source: Gera Tools

What does Shannon entropy in bits per byte mean here?

It measures how evenly the 256 possible byte values are spread. A perfectly uniform source scores the maximum 8.0 bits per byte, and a healthy CSPRNG over a thousand-plus samples lands very close to that. Values well below 8.0 indicate a skewed or broken source.

Anything security-sensitive in the browser — session tokens, nonces, key material — should come from crypto.getRandomValues, the Web Crypto CSPRNG. This tool gives you a fast, visible confirmation that the source exists and produces well-distributed output in the exact browser and environment you are testing.

How it works

When you run the test the tool draws the requested number of bytes from crypto.getRandomValues and tallies how often each of the 256 possible byte values appears. From those counts it computes the Shannon entropy:

H = -Σ p(x) · log2 p(x)

where p(x) is the observed probability of byte value x. A perfectly uniform distribution maximises this sum at 8.0 bits per byte. The tool flags a pass when the measured entropy exceeds 7.9, which a genuine CSPRNG clears easily on a reasonable sample.

As a second check it reports the minimum and maximum bin counts and a chi-square statistic comparing the observed counts against the uniform expectation of n / 256 per value. A chi-square near 255 (the degrees of freedom) is normal; a very large value would indicate a non-uniform source.

Why this test matters in audits and QA

Browser-based web applications that generate cryptographic material — one-time tokens, client-side key generation for end-to-end encryption, nonces for Content Security Policy — depend entirely on crypto.getRandomValues being present and functioning. Two failure modes exist:

Absent API: very old browsers and some embedded WebView environments do not implement the Web Crypto API at all. Code that calls crypto.getRandomValues without checking first throws a runtime exception, and a naive fallback to Math.random() would be catastrophic for security.

Degraded output: some environments — particularly sandboxed iframes, certain Electron builds, and older Android WebViews — implement the API but seed it poorly or clip the output distribution. A byte-frequency test catches this: if value 0 appears three times as often as value 255, the entropy score falls well below 7.9.

Running this test in your target environment (a specific browser build, a WebView, a hybrid app shell) gives you an empirical confirmation rather than relying on documentation.

What the chi-square value means

With 256 possible byte values and a large sample, the expected count for each value is n / 256. The chi-square statistic measures how far the observed counts deviate from this expectation. With 255 degrees of freedom, a chi-square well below 350 is typical for a healthy CSPRNG on a sample of several thousand bytes. A value in the hundreds of thousands would indicate systematic bias — for example, a source that returns 0xFF far more often than other values, which is the kind of bug that has appeared in older embedded PRNG implementations.

Notes and limitations

  • A passing distribution does not prove cryptographic security on its own — a counter can look uniform too. The real guarantee comes from using crypto.getRandomValues, whose presence this tool verifies.
  • Larger sample sizes produce a more stable entropy estimate; 4,096 bytes or more gives a reliable result.
  • Everything runs locally. The random bytes are never sent anywhere.