How computers fake randomness (and when they don’t)
Computers are deterministic machines, yet they hand out random numbers all day. The difference between pseudo-random and the real thing.
5 min read · Reviewed July 2026
A computer is a machine built to do the same thing every time. Ask it for chaos and it has a problem. The standard solution is a pseudo-random number generator: a formula that takes a starting value (the seed) and churns out a sequence that LOOKS random but is completely determined by that seed. Same seed, same 'random' numbers, forever.
For a game's dice or a shuffled playlist, that's fine. The trouble starts when predictability has a price. If an attacker can guess the seed — and seeds have historically been things like the current time in milliseconds — they can reproduce your entire sequence: your session tokens, your lottery draw, your shuffle.
Where real randomness comes from
True unpredictability has to come from outside the formula — from physics. Operating systems harvest it constantly: microscopic timing jitter in your keystrokes and mouse movement, electrical noise in circuits, drive timing variations. Modern CPUs even include hardware instructions that sample thermal noise. All of it feeds an entropy pool that seeds and reseeds the system's cryptographic generator.
That's what your browser's Web Crypto API taps — and it's what every tool on our homepage uses. The famous alternatives go further for show: Cloudflare seeds part of its encryption entropy with a wall of lava lamps in its lobby, and random.org samples atmospheric radio noise. Charming, but your operating system's entropy pool is doing the same job less photogenically.
The one rule worth remembering
Math.random() and its cousins are for when randomness is decorative. Crypto-grade randomness is for when someone might care about the outcome — money, winners, security, fairness. The cost difference is nothing; the failure difference is everything. When in doubt, use the strong one. We did.