Password Generator

This password generator works locally on your computer: the generated passwords are not sent over the network, and their strength only depends on how long they are and how much do you trust in the secure random number generator of your web browser. You could also save this page locally for later usage off-line. Read the notes below for more.

Complexity: bits  (number of equivalent random bits, see Note 2)


Enter characters:   add: Clear
Enter syllables separated by white space:   Clear



1. How much random are these random passwords? This page generates random passwords by using the JavaScript function window.crypto.getRandomValues() of your web browser, which is supposedly able to generate cryptographically secure random numbers, as much secure as the keys it must generate to establish secure HTTPS connections, for example.

2. What is that "complexity" number? The complexity parameter is the number of equivalent random bits to generate. In general, if S is the number of available symbols (for example all the printable characters) and N is the length of the generated password, then the number of possible different passwords of that length is

SN = 2complexity

So, the required length of the password N to get the equivalent strength of a random key of "complexity" bits length is

N = complexity * log(2) / log(S)

As a rule of thumb, a complexity of 49 bits or more is the minimum security requirement for general usage; less than 32 bits is a very weak password that could be easily cracked by brute force by nowadays fast networks and computers.

3. What is the "Safe characters" set? It includes pretty much all the printable ASCII characters available on any computer keyboard, but some have been removed from the set for several reasons:

	" '   (MSWord would likely change these into fancy quotes :-)
	\ /   (could be confused together)
	O o 0 (could be confused together)
	Z z   (could be confused together)
	1 l   (could be confused together)
	^ [ ] ` { | } ~ (hard to find on some keyboards)

So this leaves us with only S=75 for the characters mode. This means that a complexity of 49 (the default proposed by this page) is equivalent to a password 8 characters long.

I borrowed syllables from a quote of the "Cappuccetto rosso" tale ("Little Red Riding Hood" in English). You could try changing the list of syllables to make the result better for you.

Updated 2021-10-31 by Umberto Salsi <>,