Developer Tools for Random Data Generation // v2.9.8
root@generate-random:~/nonce$ _

Nonce Generator

Generate a cryptographically secure random nonce (number used once) for AES-GCM, OAuth/OpenID, CSP headers, and replay protection - Hex, Base64, and Base64URL

[ Nonce - Quick Summary ]

What: Generate a cryptographically secure random nonce - a "number used once". Supports Hex, Base64, Base64URL, and Alphanumeric encodings with configurable byte lengths (8-64 bytes, 64-512 bits of entropy). Uses CSPRNG (PHP random_bytes) so each nonce is unpredictable and never repeats in practice.

When to use: Initialization vectors / nonces for AES-GCM and ChaCha20-Poly1305, the nonce parameter in OAuth 2.0 / OpenID Connect authentication requests, per-request Content-Security-Policy script-src 'nonce-...' values, API request nonces for replay protection, and WebAuthn challenges.

Example: 3f8a1c9e5b2d7f04a6e1c8b0 (Hex, 12 bytes, 96 bits - the AES-GCM nonce size)

Security/Important: A nonce must be unique per key/context - never reuse the same nonce with the same key (catastrophic for AES-GCM). Use 12 bytes (96 bits) for AES-GCM, 16-24 bytes for general use. A nonce needs to be unique and, for auth flows, unpredictable - use this CSPRNG generator rather than counters when unpredictability matters. Nonces are single-use: generate a fresh one for every message, request, or page render.

Our nonce generator creates a cryptographically secure random nonce - a number used once - for cryptography, authentication, and web security. Generate a nonce in Hex, Base64, Base64URL, or Alphanumeric encoding with configurable byte lengths (8-64 bytes) using a cryptographically secure random number generator (CSPRNG). Perfect for AES-GCM and ChaCha20 initialization vectors, the OAuth 2.0 and OpenID Connect nonce parameter, per-request Content-Security-Policy nonces, API replay-protection tokens, and WebAuthn challenges. A nonce guarantees freshness: because it is used only once, it stops attackers from replaying a captured message or request. Related tools: an encryption key generator for the key that pairs with your GCM nonce, a UUID generator for unique identifiers, and a session secret generator for cookie signing. All nonces use CSPRNG for maximum unpredictability.

What is a Nonce Generator?

A nonce generator creates a random "number used once" - a value that is generated fresh for a single message, request, or session and never reused in the same context. Nonces solve two related problems: freshness and replay protection. In authenticated encryption such as AES-GCM or ChaCha20-Poly1305, the nonce (also called an IV) ensures that encrypting the same plaintext twice with the same key produces different ciphertext, and it must never repeat for a given key. In authentication flows like OAuth 2.0 and OpenID Connect, the client sends a random nonce with the request and checks that the same value comes back in the response, defeating replay and token-substitution attacks. Our generator uses a cryptographically secure random number generator (CSPRNG via PHP's random_bytes) so nonces are both unique and unpredictable.

The right size and encoding depend on the use case. AES-GCM expects a 12-byte (96-bit) nonce; general-purpose nonces use 16-24 bytes; Content-Security-Policy nonces are typically random base64 values regenerated on every page render. Choose Hex for IVs and low-level cryptography, Base64 or Base64URL for HTTP headers and OAuth parameters, and Alphanumeric when you need a value free of special characters. Whatever the format, the golden rule is one nonce, one use: generate a new value every time, and for AES-GCM in particular never pair the same nonce with the same key twice.

Nonce Generator Configuration

Count (1-50 Nonces)

Specify how many nonces to generate (maximum 50). Each nonce is cryptographically unique using PHP's random_bytes function (CSPRNG). Generating several at once is useful for seeding test vectors, batch-encrypting multiple messages, or pre-generating nonces for load testing.

Byte Length (8-64 bytes)

Control nonce size and entropy. 12 bytes (96 bits) is the standard AES-GCM nonce, 16 bytes (128 bits) is a common general-purpose size, 24 bytes (192 bits) suits XChaCha20, and 32 bytes (256 bits) is used where extra entropy is wanted. Match the size to your algorithm's requirement - AES-GCM in particular expects exactly 12 bytes.

Encoding Format

Choose output encoding: Hex (lowercase hexadecimal, ideal for IVs and cryptography), Base64 (compact, for HTTP headers), Base64URL (URL-safe, no + / = characters, for OAuth parameters and CSP), or Alphanumeric (0-9, a-z, A-Z only). Pick the encoding your protocol or library expects.

How to Generate a Nonce

[STEP 1] Pick the Size for Your Use Case

Choose 12 bytes for AES-GCM, 16-24 bytes for general-purpose or OAuth nonces, or 32 bytes when you want maximum entropy. The size should match the algorithm or protocol you are targeting.

[STEP 1] Select an Encoding

Use Hex for cryptographic IVs, Base64URL for OAuth/OpenID nonce parameters and CSP header values, and Base64 for general HTTP use. Alphanumeric is handy when special characters are not allowed.

[STEP 1] Generate the Nonce

Click EXECUTE GENERATION to create nonces with CSPRNG security. Each nonce displays with a Copy button and shows its byte length, entropy bits, and strength assessment. All nonces use PHP's random_bytes for cryptographic randomness.

[STEP 1] Use It Once

Use each nonce a single time - as the IV for one encryption, the nonce parameter of one auth request, or the CSP nonce of one page render. Generate a fresh nonce for the next operation. For AES-GCM, never reuse a nonce with the same key.

Nonce Best Practices

  • _ Never Reuse a Nonce with the Same Key - For AES-GCM and other AEAD ciphers, reusing a nonce with the same key breaks confidentiality and can leak the authentication key. Generate a fresh nonce for every message, or use a strictly increasing counter that never repeats for a given key.
  • _ Match the Size to the Algorithm - Use exactly 12 bytes (96 bits) for AES-GCM, 24 bytes for XChaCha20-Poly1305, and 16 bytes for many general-purpose schemes. Using the wrong size can be rejected by your crypto library or reduce security.
  • _ Use Unpredictable Nonces for Auth Flows - For OAuth 2.0 / OpenID Connect nonces, CSP nonces, and API replay protection, the value must be unpredictable, not just unique. Use this CSPRNG generator rather than timestamps or sequential counters, which an attacker could guess.
  • _ Regenerate CSP Nonces Per Request - A Content-Security-Policy nonce must be freshly generated on every page render and injected into both the CSP header and the matching script/style tags. A static or reused CSP nonce provides no protection against injected scripts.
  • _ Bind Auth Nonces to the Session - When using a nonce to prevent replay in OpenID Connect or API requests, store the issued nonce server-side (or in the user's session) and verify the returned value matches, then discard it. Reject requests whose nonce is missing, unknown, or already used.
  • _ Pair with a Strong Key - A nonce is only half of authenticated encryption; the other half is the key. Generate the key with a dedicated encryption key generator and keep it secret. The nonce can be public; the key must not be.

Technical Implementation

Our nonce generator uses PHP's random_bytes (CSPRNG) ensuring cryptographic randomness, then encodes the bytes in your chosen format:

// Nonce Generation Algorithm
Algorithm: Cryptographically Secure Random Nonce Generation

// Step 1: Generate Random Bytes
byte_length = 12 (AES-GCM) or 16-32 (configurable: 8-64 bytes)
random_bytes = random_bytes(byte_length) // PHP CSPRNG
// Example: 12 bytes = 96 bits (AES-GCM nonce)

// Step 2: Encode Based on Format
if (format == "hex") then:
  nonce = bin2hex(random_bytes)
  // Example: 3f8a1c9e5b2d7f04a6e1c8b0 (24 hex chars for 12 bytes)

else if (format == "base64") then:
  nonce = base64_encode(random_bytes)

else if (format == "base64url") then:
  nonce = base64_encode(random_bytes)
  nonce = strtr(nonce, '+/', '-_') // URL-safe chars
  nonce = rtrim(nonce, '=') // Remove padding

else if (format == "alphanumeric") then:
  charset = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
  nonce = ''
  for i = 0 to (byte_length * 2) do:
    nonce += charset[random_int(0, 61)]

// Golden rule: use each nonce ONCE.
// AES-GCM: never reuse a nonce with the same key.

API Access for Developers

Generate nonces programmatically using our free REST API. Specify count, byte length, and encoding format for cryptographic test vectors, CI/CD pipelines, and automated security testing.
GET https://generate-random.org/api/v1/generate/nonces?count=5&length=12&format=hex
VIEW FULL API DOCUMENTATION

Frequently Asked Questions

What is a nonce?

A nonce is a "number used once" - a random or unique value generated for a single use and never repeated in the same context. Nonces provide freshness and replay protection: in cryptography a nonce (IV) makes each encryption unique for a given key, and in authentication a nonce lets a server confirm that a response corresponds to the exact request it issued. The key property is single use - a fresh nonce for every message, request, or page render.

What size nonce should I use for AES-GCM?

AES-GCM expects a 12-byte (96-bit) nonce. This is the size recommended by NIST SP 800-38D and is the most efficient for GCM. You can technically use other sizes, but 12 bytes is standard and best-supported. The critical rule is uniqueness: never use the same 12-byte nonce with the same key twice, or GCM's security collapses. Generate a fresh nonce for each message.

What is the difference between a nonce and a UUID?

A UUID is a unique identifier - its job is to be different from every other UUID, and it may be predictable. A nonce is a single-use value whose job is freshness and, in security contexts, unpredictability. Use a UUID to name or reference something durably; use a nonce to make one cryptographic operation or one auth request fresh and non-replayable. A random nonce and a random (v4) UUID are both CSPRNG values, but they are used for different purposes.

What is a Content-Security-Policy (CSP) nonce?

A CSP nonce is a random value you place in the Content-Security-Policy header (for example script-src 'nonce-abc123') and repeat as the nonce attribute on the script/style tags you trust. The browser only executes tags whose nonce matches the header, blocking injected scripts. The nonce must be freshly generated on every request (never static or cached) and should be unpredictable - generate it with a CSPRNG like this tool, typically as a base64 value.

Can a nonce be predictable, or does it need to be random?

It depends on the use case. For AES-GCM the nonce must be unique per key but does not strictly need to be unpredictable - a counter works. For OAuth/OpenID nonces, CSP nonces, and API replay protection, the nonce must be unpredictable so an attacker cannot guess or forge it - use a CSPRNG. When in doubt, use a cryptographically secure random nonce (as this generator produces); it satisfies both uniqueness and unpredictability.

Is it safe to reuse a nonce?

No - reuse defeats the entire purpose. Reusing an AES-GCM nonce with the same key is catastrophic: it can reveal plaintext relationships and compromise the authentication key. Reusing an auth or CSP nonce removes replay protection. Always generate a fresh nonce for each operation and, for auth flows, discard each nonce after it has been verified once.

[ HOW TO CITE THIS PAGE ]

APA Style:
Generate-Random.org. (2026). Nonce Generator. Retrieved from https://generate-random.org/nonce
Web Citation:
Nonce Generator - Generate-Random.org (https://generate-random.org/nonce)