Security
Client-side generation
All random data generation in RandKit uses the Web Crypto API. Specifically:
- crypto.getRandomValues() for all security-sensitive generation
- crypto.randomUUID() for UUID v4 generation
- Math.random() is never used for passwords, tokens, keys, or secrets
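The sketch below is an added example, not RandKit's own code. It shows one way to turn crypto.getRandomValues() output into characters from an alphabet without the bias that a plain `value % n` introduces. The names randomBelow, randomString and ALPHABET are hypothetical, and the `source` parameter exists only so the rejection path can be exercised with a stub.

```javascript
// Added example (not RandKit's source). Web Crypto is global in browsers and
// recent Node; the require() fallback covers older Node runtimes.
const webCrypto = globalThis.crypto ??
  (typeof require === "function" ? require("node:crypto").webcrypto : undefined);

// Uniform integer in [0, n). Draws that fall in the incomplete final block of
// the 32-bit range are discarded, so every residue is equally likely.
function randomBelow(n, source = webCrypto) {
  if (!Number.isInteger(n) || n < 1 || n > 0x100000000) {
    throw new RangeError("n must be an integer in [1, 2^32]");
  }
  // Largest multiple of n that fits in 2^32; values at or above it are rejected.
  const limit = Math.floor(0x100000000 / n) * n;
  const buf = new Uint32Array(1);
  do {
    source.getRandomValues(buf);
  } while (buf[0] >= limit);
  return buf[0] % n;
}

// Hypothetical alphabet, chosen only for this example.
const ALPHABET =
  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

// Builds a string of `length` characters, each picked uniformly from `alphabet`.
function randomString(length, alphabet = ALPHABET, source = webCrypto) {
  if (!Number.isInteger(length) || length < 1) {
    throw new RangeError("length must be a positive integer");
  }
  const chars = Array.from(alphabet); // split by code point, not UTF-16 unit
  if (chars.length === 0) {
    throw new RangeError("alphabet must not be empty");
  }
  if (new Set(chars).size !== chars.length) {
    // A repeated character would be selected more often than the others.
    throw new Error("alphabet contains duplicate characters");
  }
  let out = "";
  for (let i = 0; i < length; i++) {
    out += chars[randomBelow(chars.length, source)];
  }
  return out;
}
```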
Content Security Policy
RandKit enforces a strict Content Security Policy that prohibits inline scripts, external script sources, and eval(). All scripts are loaded from the same origin.
No data transmission
Generated values are never sent to any server. The site does not make fetch or XHR requests during generation. You can verify this using browser DevTools.
No client-side storage of secrets
Generated values are never stored in localStorage, sessionStorage, or cookies. Only non-sensitive UI preferences (theme, language) are persisted.
Responsible disclosure
If you discover a security vulnerability, please report it to contact@overklassniy.space. We will acknowledge your report within 48 hours and work to resolve the issue promptly.