Password generator — strength, char sets, length
Generate strong random passwords in batches of 1–25. Pick length, character sets, and toggle look-alike exclusion. Backed by crypto.getRandomValues and runs entirely in your browser.
How to use
Pick a length and how many passwords to generate, then toggle the character sets (lowercase / uppercase / digits / symbols). Enable Exclude look-alikes to drop i / l / 1 / L / o / 0 / O from the pool. The output auto-refreshes on every config change (Regenerate is also available). Each row has a Copy button; Copy all dumps every password separated by newlines. The RNG is crypto.getRandomValues with rejection sampling to avoid modulo bias. Entropy in bits and a strength label update live.
FAQ
- Are generated passwords sent to a server?
- No. crypto.getRandomValues taps the browser's secure RNG and everything (generation, display, copy) stays on your device — no network calls.
- How is this different from Math.random?
- Math.random is a non-cryptographic PRNG and must not be used for secrets. This tool uses crypto.getRandomValues, which pulls from the OS's secure entropy source — suitable for password generation.
- How is strength (entropy) computed?
- length × log2(pool size). For example 16 chars × 94 (mixed case + digits + symbols) ≈ 104.9 bit. As a rough guide: < 40 bit is weak, < 60 is fair, < 100 is strong, ≥ 100 is very strong. 80+ bit resists modern offline attacks.
- Are all selected character sets guaranteed to appear?
- Yes. We seed the password with one character from each enabled set, fill the remainder from the combined pool, then shuffle with Fisher-Yates (also crypto-randomized) so the seeded positions are not predictable.
Related tools
Password Strength Check (zxcvbn score / crack time / feedback)
Runs Dropbox's `zxcvbn-ts` (MIT) inside your browser to estimate password strength: a 0–4 score, log2 entropy, raw guess count, estimated crack time under four attack scenarios (online throttled, online unthrottled, offline slow hash, offline fast hash), and the detected weakness patterns (dictionary, sequence, repeat, date, keyboard, l33t). Feedback (warning + suggestions) is shown in your locale. Input is masked by default with an eye-toggle and an option to highlight look-alike characters (i/l/1/L/o/0/O). Nothing is uploaded — analysis runs entirely in your browser.
Hash generator — SHA-1 / 256 / 384 / 512
Generate SHA-1, SHA-256, SHA-384, and SHA-512 digests from text in parallel. Powered by the Web Crypto API and runs entirely in your browser.
UUID generator — v4 / v7 batch generation
Generate UUID v4 (random) or UUID v7 (timestamp-prefixed) in batches of 1–100. Backed by crypto.getRandomValues and runs entirely in your browser.
Dice roller — 2d6+3 / 4d6kh3 notation (Web Crypto, no server)
Roll TTRPG / board-game dice using familiar notation: 2d6+3, 1d20-2, 4d6kh3 (keep highest 3), 3d6+1d4-1, and more. Randomness uses the Web Crypto API (crypto.getRandomValues with rejection sampling) for an exactly uniform distribution. Comes with one-click presets (d4 / d6 / d8 / d10 / d12 / d20 / d100 / 3d6 / 4d6kh3, …) and an in-browser history of the last 20 rolls. Nothing is uploaded.