Anything security-sensitive in the browser — session tokens, nonces, key material — should come from crypto.getRandomValues, the Web Crypto CSPRNG. This tool gives you a fast, visible confirmation that the source exists and produces well-distributed output in the exact browser and environment you are testing.
How it works
When you run the test the tool draws the requested number of bytes from crypto.getRandomValues and tallies how often each of the 256 possible byte values appears. From those counts it computes the Shannon entropy:
H = -Σ p(x) · log2 p(x)
where p(x) is the observed probability of byte value x. A perfectly uniform distribution maximises this sum at 8.0 bits per byte. The tool flags a pass when the measured entropy exceeds 7.9, which a genuine CSPRNG clears easily on a reasonable sample.
As a second check it reports the minimum and maximum bin counts and a chi-square statistic comparing the observed counts against the uniform expectation of n / 256 per value. A chi-square near 255 (the degrees of freedom) is normal; a very large value would indicate a non-uniform source.
Why this test matters in audits and QA
Browser-based web applications that generate cryptographic material — one-time tokens, client-side key generation for end-to-end encryption, nonces for Content Security Policy — depend entirely on crypto.getRandomValues being present and functioning. Two failure modes exist:
Absent API: very old browsers and some embedded WebView environments do not implement the Web Crypto API at all. Code that calls crypto.getRandomValues without checking first throws a runtime exception, and a naive fallback to Math.random() would be catastrophic for security.
Degraded output: some environments — particularly sandboxed iframes, certain Electron builds, and older Android WebViews — implement the API but seed it poorly or clip the output distribution. A byte-frequency test catches this: if value 0 appears three times as often as value 255, the entropy score falls well below 7.9.
Running this test in your target environment (a specific browser build, a WebView, a hybrid app shell) gives you an empirical confirmation rather than relying on documentation.
What the chi-square value means
With 256 possible byte values and a large sample, the expected count for each value is n / 256. The chi-square statistic measures how far the observed counts deviate from this expectation. With 255 degrees of freedom, a chi-square well below 350 is typical for a healthy CSPRNG on a sample of several thousand bytes. A value in the hundreds of thousands would indicate systematic bias — for example, a source that returns 0xFF far more often than other values, which is the kind of bug that has appeared in older embedded PRNG implementations.
Notes and limitations
- A passing distribution does not prove cryptographic security on its own — a counter can look uniform too. The real guarantee comes from using
crypto.getRandomValues, whose presence this tool verifies. - Larger sample sizes produce a more stable entropy estimate; 4,096 bytes or more gives a reliable result.
- Everything runs locally. The random bytes are never sent anywhere.