I have a small but important suggestion: for generating truly random passwords or other security-related random tokens, it's safer to use Crypto.getRandomValues() instead of the regular Math.random().
From Mozilla's MDN page for Math.random():
Math.random() does not provide cryptographically secure random numbers. Do not use them for anything related to security. Use the Web Crypto API instead, and more precisely the window.crypto.getRandomValues() method.
You should reread that MDN page that you linked to. Of course Crypto.getRandomValues is also pseudo-random. It's just better pseudo-random, with higher entropy, so it's safer (and more cpu-cycle-hungry).
Nice tutorial!
I have a small but important suggestion: for generating truly random passwords or other security-related random tokens, it's safer to use Crypto.getRandomValues() instead of the regular Math.random().
From Mozilla's MDN page for
Math.random()
:You should reread that MDN page that you linked to. Of course Crypto.getRandomValues is also pseudo-random. It's just better pseudo-random, with higher entropy, so it's safer (and more cpu-cycle-hungry).
You are right, thanks for correcting me. I deleted my last paragraph.
thank you i didnt know it
Very important and good point! More people should be aware of this!