Password & UUID Generator
Cryptographically secure passwords, passphrases, and UUIDs — generated entirely in your browser with zero server contact.
All passwords generated locally using your browser's cryptographic random number generator (window.crypto). Nothing is transmitted or stored outside your browser.
Settings
Character Sets
Minimum 1 character from each selected type is guaranteed.
Generated Password
Bulk Generate
Recent History (session only)
No history yet. Generate a password to start.
Settings
Generated Passphrase
Bulk Generate
Recent History (session only)
No history yet. Generate a passphrase to start.
Settings
Version 4: All 122 bits are cryptographically random.
Generated UUID
Click the UUID to copy it to clipboard.
Bulk Generate
Recent History (session only)
No history yet. Generate a UUID to start.
Frequently Asked Questions
Why are cryptographically random passwords more secure?
Password security relies on unpredictability. The browser's window.crypto.getRandomValues() API uses the operating system's entropy source (hardware noise, timing events, etc.), making outputs statistically indistinguishable from true randomness. This is in stark contrast to Math.random(), which is pseudorandom and potentially predictable. A 20-character password from a 95-symbol charset has ~131 bits of entropy — computationally infeasible to brute-force even with nation-state resources.
What is entropy and how is the strength meter calculated?
Entropy measures the number of possible combinations, expressed in bits: entropy = log₂(charset_size ^ length). For passphrases it's log₂(wordlist_size ^ word_count). Our thresholds: below 40 bits is Weak; 40–60 is Fair; 60–80 is Good; 80–100 is Strong; above 100 is Very Strong. Most security experts recommend at least 80 bits for long-term secrets.
What is the difference between UUID v4 and UUID v7?
UUID v4 fills all 122 non-version bits with random data, making it purely unpredictable and suitable for identifiers that must not reveal creation order. UUID v7 encodes a millisecond-precision Unix timestamp in the first 48 bits, followed by random bits — this makes v7 UUIDs naturally sortable by creation time, which is ideal for database primary keys, log correlation, and distributed systems where ordering matters. Both are cryptographically generated here.
Are passphrases actually strong enough to use as passwords?
Yes — often stronger than typical passwords. A 4-word passphrase drawn from a 200-word list has ~log₂(200⁴) ≈ 30 bits, which is modest. But use a 6-word EFF-style passphrase from a 7,776-word list and you get ~77 bits. Our generator uses a curated 200-word list, so longer passphrases (6–8 words) are recommended for high-security use. Passphrases also have the advantage of being far more memorable than random character strings.
Does this tool work offline? Is anything sent to a server?
Once the page loads (fetching Tailwind CSS and Google Fonts CDN), all generation happens purely in your browser using JavaScript and the Web Crypto API. No passwords, passphrases, or UUIDs are ever transmitted anywhere. History is stored in sessionStorage only — it disappears when you close the tab. For maximum privacy, open the page, then disable your network connection before generating. It will still work perfectly.