What does Shannon entropy in bits per byte mean here?

It measures how evenly the 256 possible byte values are spread. A perfectly uniform source scores the maximum 8.0 bits per byte, and a healthy CSPRNG over a thousand-plus samples lands very close to that. Values well below 8.0 indicate a skewed or broken source.

Why does the threshold sit at 7.9 and not 8.0?

Finite samples never hit the theoretical maximum exactly because some byte values appear slightly more often than others by chance. With a reasonable sample size a genuine CSPRNG comfortably clears 7.9, so that threshold passes good sources while still catching badly broken ones.

Does a passing score prove the randomness is cryptographically secure?

No. This is a distribution sanity check, not a cryptographic audit. A counter or a poor PRNG can also look uniform. It confirms the source is present and well-distributed, but cryptographic security comes from using crypto.getRandomValues itself, which this tool verifies is available.

What is the chi-square value for?

It compares the observed count of each byte value against the count you would expect from a perfectly uniform source. With 255 degrees of freedom a value near 255 is typical for good randomness; a very large value signals the distribution is uneven.

Is any data sent to a server?

No. The random bytes are generated and analysed entirely in your browser and are never transmitted. Nothing is stored after you leave the page.

Browser Entropy Source Tester

Anything security-sensitive in the browser — session tokens, nonces, key material — should come from crypto.getRandomValues, the Web Crypto CSPRNG. This tool gives you a fast, visible confirmation that the source exists and produces well-distributed output in the exact browser and environment you are testing.

How it works

When you run the test the tool draws the requested number of bytes from crypto.getRandomValues and tallies how often each of the 256 possible byte values appears. From those counts it computes the Shannon entropy:

H = -Σ p(x) · log2 p(x)

where p(x) is the observed probability of byte value x. A perfectly uniform distribution maximises this sum at 8.0 bits per byte. The tool flags a pass when the measured entropy exceeds 7.9, which a genuine CSPRNG clears easily on a reasonable sample.

As a second check it reports the minimum and maximum bin counts and a chi-square statistic comparing the observed counts against the uniform expectation of n / 256 per value. A chi-square near 255 (the degrees of freedom) is normal; a very large value would indicate a non-uniform source.

Notes and limitations

A passing distribution does not prove cryptographic security on its own — a counter can look uniform too. The real guarantee comes from using crypto.getRandomValues, whose presence this tool verifies.
Larger sample sizes produce a more stable entropy estimate; very small samples naturally score lower.
Everything runs locally. The random bytes are never sent anywhere.