## DEV Community is a community of 639,856 amazing developers

We're a place where coders share, stay up-to-date and grow their careers.

As you may know, many programming languages have the ability to generate random numbers, while not letters (at least in javascript). Today, I will walk you through how you can make a random password/code generator.

Firstly, we need to know how to create a random number. In javascript it's pretty simple using `Math.random`. Since this is not "cryptographically secure" (whatever that means), you need to use a workaround

``````Math.random = () => {
const int = window.crypto.getRandomValues(new Uint32Array(1))[0]
return int / 2 ** 32
}
``````

It returns a random number—but only between 0-1. Since there are 26 numbers in the alphabet but many possibilities from `Math.random`, we need to use a little logic to get a random number that has 26 possibilities:

``````Math.floor(Math.random() * 25)
``````

At this stage our code will return a random from 0 to 25. Since these are only numbers—we need to get the character associated with that number. Luckily, javascript has a function called `String.fromCharCode`. Since the character code of "a" is 97, we need to offset our random number by 97:

``````String.fromCharCode(
Math.round(Math.random() * 25) + 97
)
``````

Now that we have our random letter, time to repeat the process using a for loop—or my personal favorite, creating an empty array followed by mapping it. Putting it all together, this is what it would look like:

``````Math.random = () => {
const int = window.crypto.getRandomValues(new Uint32Array(1))[0]
return int / 2**32
}

// initialize an array of the specified length
var charArr = [...Array(length)]

// map each item in the array to a random char
charArr = charArr.map(
_ => String.fromCharCode(
Math.round(Math.random() * 25) + 97
)
)

// convert the array into a string by joining it
return charArr.join("")
}
``````

## Discussion (5)

You're going to need to follow the "web site password requirements" also. Things like 1) add an uppercase, 2) add a special char 3) max length
I put it all together in an app i call C'YaPass. In my app you draw your password and it generates a SHA-256 based hash which you use as your password. You can read about it here on dev.to Destroy All Passwords: Never Memorize a Password Again. It's FOSS (fully open source software) and you can get the source at GitHub.
Check it out and let me know what you think.

Vincent Milum Jr

"Math.random() does not provide cryptographically secure random numbers. Do not use them for anything related to security."

developer.mozilla.org/en-US/docs/W...

TheYoungestCoder

Thank you for letting me know! I updated my post