A single-file HTML tool that produces 256-bit cryptographic seeds with transparent bit-accounting. Built around what actually adds entropy — your hand on a keyboard, mouse, or touchscreen, plus the browser's CSPRNG — and refuses to call its output "production-grade" until you've contributed enough real input.
Release Candidate 1 · based on internal build v4000.010
- Download `randomizer4000-RC1.html` (or its versioned twin `randomizer4000-008.html`).
- Save it to your local computer — do not run it from a public web server, hosted sandbox, or shared device. The startup popup explains why; please read it.
- Open the file in a modern browser (Chrome, Firefox, Edge, or Safari from the last few years). HTTPS is not required — `file://` works fine.
- On first launch, you will see two modals in sequence:
  - A red security warning asking you to confirm you're running locally.
  - A source configuration modal asking which entropy sources you want active.
- Move your mouse, click the cell grid, type — watch the meter fill. When it reaches your threshold, the green HARVEST NOW (PRODUCTION) button unlocks.
- The output is a 256-bit hex blob, available also as base64, base58, or BIP-39 24-word mnemonic, with a real scannable QR code.
The page never makes network requests once loaded. All cryptography happens in the browser via the WebCrypto API. The BIP-39 wordlist is inlined — no fetches.
Honest framing first. Randomizer 4000 produces a 256-bit seed by hashing together:
- 256 bits from `crypto.getRandomValues` (the browser CSPRNG, hashed into every harvest). This is the cryptographic floor; the seed is at least this strong no matter what else you do.
- A 16-byte session salt + a fresh 16-byte per-harvest IV, also CSPRNG-derived.
- A SHA-256 digest of a rolling pool fed by your input events — mouse moves, key presses, scroll events, touch drags, deliberate clicks on a 4×16 cell grid, and optional one-shot samples from microphone / camera if you grant permission.
- A hash of the previous blob in the persistent harvest chain (forward secrecy: each harvest's output depends on every earlier one).
All of these are mixed via double SHA-256. The output is an indelibly-256-bit hex string suitable for use as a wallet seed, encryption key, or any other "I need 32 bytes of high-quality random" application — provided the user-input layer was adequately filled.
The page deliberately drops the elaborate "weather station entropy" theater of an earlier sibling project. Public weather data does not contribute cryptographic entropy against an external observer; only your input and the CSPRNG do, and this tool is honest about that.
Every harvest is stamped with one of three grades. The bit-strength of the output (256 bits, CSPRNG-anchored) is identical in all three; the grade reflects how much of your input was in the mix at the time.
| Grade | When | Use for |
|---|---|---|
| STRONG | Real-bit meter has reached the configured threshold. | Real seed phrases, wallets, master keys. |
| PARTIAL | At least 25 % of threshold but below threshold. | Quick / non-critical generation. |
| WEAK | Below 25 % of threshold (or no input collected). | Throwaway / demo / reproducibility-test. |
The threshold is user-configurable via a slider. The slider's upper bound is dynamically clamped to the maximum your currently-enabled sources can produce (e.g. 320 bits if only mouse/click/keyboard/scroll are on, 720+ if you grant microphone and camera). You can never set an unreachable goal.
When you are below threshold, the page shows specific guidance about which sources have room to contribute, and the click-grid section glows amber to draw attention.
| Source | Bits per event | Cap | Default | Notes |
|---|---|---|---|---|
| Mouse motion | 4 | 80 | ON | Sub-millisecond cursor timing. |
| Click grid | 11 | 100 | ON | A 4 × 16 grid of cells; deliberate clicks. Highest manual rate. |
| Keyboard timing | 11 (2 if repeat) | 80 | ON | Captures key codes + timing only — never key content. |
| Scroll | 5 | 60 | ON | Page scroll-position changes. |
| Touchscreen drag | 8 | 80 | ON | Auto-detected; greyed out on devices without touch input. |
| CSPRNG floor | — | 256 | always | crypto.getRandomValues(32) per harvest. Always present. |
| Microphone (1 s) | ~120 once | 200 | OFF | Optional. Asks browser permission. Stream released after sample. |
| Camera (1 frame) | ~150 once | 200 | OFF | Optional. Asks browser permission. Stream released after capture. |
Each source can be toggled on/off via the gear icon (top-right). Disabled
sources are hidden completely — no UI row, no permission prompt, no event listener.
Settings persist to localStorage.
The bit-counts are conservative min-entropy estimates. Actual cryptographic strength of the final blob is dominated by the CSPRNG floor; per-source bits are honest accounting for the user, not a security claim about the output.
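The accounting rules above (per-event credit, per-source caps, the clamped threshold, and the three grades) can be sketched as follows. This is an added example, not the tool's own code: the names `SOURCES`, `createMeter`, `maxReachable`, `clampThreshold` and `grade` are hypothetical, and the one-shot microphone and camera credits use the table's approximate values.

```javascript
// Added illustration of the accounting rules above; not the tool's source.
// Bits per event and caps are copied from the source table. The one-shot
// microphone/camera credits use the table's approximate "~120" / "~150".
const SOURCES = {
  mouse:  { bits: 4,   cap: 80 },
  click:  { bits: 11,  cap: 100 },
  key:    { bits: 11,  cap: 80, repeatBits: 2 },
  scroll: { bits: 5,   cap: 60 },
  touch:  { bits: 8,   cap: 80 },
  mic:    { bits: 120, cap: 200 },
  camera: { bits: 150, cap: 200 },
};

// Upper bound of the threshold slider: the sum of the enabled sources' caps.
function maxReachable(enabled) {
  return enabled.reduce((sum, name) => sum + SOURCES[name].cap, 0);
}

// A requested threshold is clamped so it can always be reached.
function clampThreshold(requested, enabled) {
  return Math.min(requested, maxReachable(enabled));
}

// Hypothetical meter: credits events per source and never exceeds a cap.
function createMeter(enabled) {
  const credited = Object.fromEntries(enabled.map((name) => [name, 0]));
  return {
    credit(name, { repeat = false } = {}) {
      if (!Object.hasOwn(credited, name)) return; // disabled source: no credit
      const src = SOURCES[name];
      const bits = repeat && src.repeatBits !== undefined ? src.repeatBits : src.bits;
      credited[name] = Math.min(src.cap, credited[name] + bits);
    },
    total: () => Object.values(credited).reduce((a, b) => a + b, 0),
    // Sources that still have room, for the "below threshold" guidance.
    room: () => enabled.filter((name) => credited[name] < SOURCES[name].cap),
  };
}

// Grade from the meter total: STRONG at threshold, PARTIAL from 25 %, else WEAK.
function grade(totalBits, threshold) {
  if (totalBits >= threshold) return "STRONG";
  return totalBits >= 0.25 * threshold ? "PARTIAL" : "WEAK";
}
```

With only mouse, click grid, keyboard and scroll enabled, `maxReachable` returns the 320 bits quoted above; adding microphone and camera raises it to 720.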
The 256-bit blob can be displayed in any of:
- HEX — 64 lowercase hex chars.
- BASE64 — 44-char base64 (RFC 4648 with padding).
- BASE58 — Bitcoin alphabet, no padding.
- BIP-39 — 24-word English mnemonic with checksum (default — directly usable in wallets; full 2048-word wordlist inlined, works fully offline).
The format selector also drives the QR code, the clipboard copy, and the
downloaded .txt file.
Every harvest's canonical payload includes a hash of the previous harvest's blob. After K successful harvests, the latest blob's effective entropy is bounded below by the sum of every link's per-harvest entropy. An attacker would need to predict every link of the chain to reproduce the latest blob — even one unpredictable link makes every subsequent blob unpredictable.
The chain (last 16 entries) is persisted to localStorage so it survives page
reloads. The CLEAR button breaks the chain after a confirmation prompt.
Two diagnostic panels are included at the bottom of the page:
- Output Whitening Sanity Check — Shannon (with Miller-Madow correction), min-entropy (H∞), and bit uniformity (σ-aware z-score) computed on the latest blob. These check that SHA-256 produced a uniform-looking output — they do not test the upstream entropy of your inputs.
- Security & Tamper Check — three heuristic checks: randomness quality of `crypto.getRandomValues`, harvest consistency (compares recent blobs for accidental duplicates), and recent entropy health (min-entropy + uniformity of the latest blob).
Both panels are explicitly labelled with what they do and don't measure.
The startup popup says it bluntly: cloud, webserver, or shared versions of this
page may expose your data through the network or shared device. If you are using
the seed for anything sensitive (a wallet, encryption key, or password derivation
input), download the file to your own computer and open it from file://. Do not
trust copies you didn't download yourself.
The file is fully self-contained except for two CDN scripts — Tailwind CSS
(styling) and qrcode.js (QR rendering). For maximum integrity, vendor those
locally and replace the two <script src="..."> URLs in the <head>. The
cryptographic logic does not depend on either CDN.
- It does not generate keys directly. It generates a 256-bit seed; you derive keys from it externally with whatever scheme your downstream tool uses.
- It does not persist seeds anywhere except `localStorage` (and only the ones in the chain history). Always copy the output to its destination yourself.
- It does not provide a server-side anything. There is no server.
- It does not make external network calls during operation. (Loading the CDN-hosted Tailwind and qrcode.js happens once at page load.)
- It does not enforce subresource integrity on those CDN scripts. If you worry about CDN tampering, vendor the scripts locally.
- It does not claim to be a security audit. It's an honest tool with conservative defaults and visible accounting.
- `randomizer4000-RC1.html`: Release candidate 1 (this build).
- `randomizer4000-001.html…008.html`: Versioned development snapshots.
- `randomizer3001-real011.html…034`: Older sibling project (weather-station-flavoured).
- `randomizer3001-RELEASE-v0.034`: Final 3001 release snapshot.
- `README.md`: This file.
Before you trust this tool with sensitive seeds, verify the file you downloaded matches the one we published. A modified copy could leak your seeds. Always check the SHA-256.
RC1 (build 4000.010) — randomizer4000-RC1.html:
SHA-256: 6E17DC8C4228096934F7A1E5BFF030CD3989A69852D6B17607F909414932A431
| Platform | Command |
|---|---|
| Windows (PowerShell) | Get-FileHash .\randomizer4000-RC1.html -Algorithm SHA256 |
| Windows (cmd) | certutil -hashfile randomizer4000-RC1.html SHA256 |
| macOS / Linux | shasum -a 256 randomizer4000-RC1.html or sha256sum randomizer4000-RC1.html |
The output should match the hash above (case-insensitive). If it does not:
- The file may have been modified during transit. Do not use it for sensitive seeds. Re-download from the original source.
- An editor may have re-saved the file with different line endings (CRLF↔LF). Hashes are byte-exact — even invisible changes break them. Use the original download, not a re-saved copy.
- This release may have been superseded. Check whether you have the version number this README documents (`v4000.010` in the page footer).
The SHA-256 above is for the randomizer4000-RC1.html byte-stream as it
exists when this README is updated. If you edit the HTML (even to fix a
typo), bump the build number and recompute the hash before republishing.
Tested with current Chromium-based and Firefox builds. Requires:
- WebCrypto (`crypto.subtle.digest`, `crypto.getRandomValues`)
- ES2020+ JavaScript (BigInt for base58)
- `getUserMedia` for microphone/camera (optional features only)
- `localStorage` (graceful fallback if unavailable: chain doesn't persist, nothing else affected)
The BIP-39 English wordlist is from the Bitcoin BIPs repository, public domain. The Tailwind CSS framework and qrcode.js library are loaded from CDNJS at page load time; both are MIT-licensed.
The honest framing — calling out theater for what it is and rebuilding around real entropy — is the central design choice.