How Our Password Generator Works: Cryptographic Security
Technical explanation of the cryptographic random number generation, entropy calculation, and security considerations.
Cryptographic random number generation
Our Password Generator uses the Web Crypto API's getRandomValues() function, which provides cryptographically secure pseudo-random numbers sourced from your operating system's entropy pool. This is fundamentally different from Math.random(), which uses a predictable algorithm and is unsuitable for security purposes.
How passwords are generated
For each character in the password, we generate a random 32-bit unsigned integer using getRandomValues(), take the modulo with the character set length to get an index, and append the character at that index to the password. This process repeats for the desired password length.
Entropy calculation
Entropy (randomness) is calculated as: length x log2(character set size). For a 16-character password using all 94 printable ASCII characters, entropy = 16 x log2(94) = 16 x 6.55 = 104.8 bits. This is considered cryptographically strong (80+ bits is very strong, 128+ bits is unbreakable).
Strength meter thresholds
| Entropy | Strength |
|---|---|
| Below 40 bits | Weak |
| 40-60 bits | Fair |
| 60-80 bits | Strong |
| Above 80 bits | Very strong |
Security guarantees
Passwords are generated entirely in your browser and never transmitted to any server. The Web Crypto API is the same API used for TLS encryption and is considered cryptographically secure by security professionals. Generated passwords are suitable for any security-sensitive application.
Use our free tools
All 41 premium tools on sevi.fun are free, no sign-up required.
Explore All Tools