Password Generator
Generate cryptographically secure passwords and passphrases
How it works
This generator uses crypto.getRandomValues(), the Web Crypto API built into every modern browser. It draws entropy from your operating system's cryptographic random number generator (e.g., /dev/urandom on Linux, CryptGenRandom on Windows). This is the same source of randomness used by TLS, SSH, and other security-critical protocols. No Math.random() is used anywhere — every bit of output is cryptographically secure.
Frequently asked questions
Are these passwords truly random?
Yes. This tool uses crypto.getRandomValues(), the Web Crypto API built into every modern browser. It draws entropy from the operating system's cryptographic random number generator (e.g., /dev/urandom on Linux, CryptGenRandom on Windows). This is the same source of randomness used by TLS, SSH, and other security-critical software.
Is my generated password sent to any server?
No. All password generation happens entirely in your browser using JavaScript. Zero network calls are made with your password data — no fetch, no XMLHttpRequest, no WebSocket, no beacon. Your passwords exist only in browser memory and are never stored in localStorage, sessionStorage, or cookies.
Should I use a password or a passphrase?
Both are secure when generated randomly. Passwords are shorter but harder to memorize. Passphrases like tiger-ocean-bridge-castle are easier to remember and type while still providing excellent entropy. A 4-word passphrase from a 200-word list provides about 31 bits of entropy; use 5-6 words for higher security.
How long should my password be?
At minimum 12 characters, but 16 or more is recommended. Longer passwords exponentially increase the number of possible combinations an attacker must try. With all character types enabled (uppercase, lowercase, numbers, symbols), a 16-character password has over 10^30 possible combinations.
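One way to build password and passphrase generation on crypto.getRandomValues() as described under "How it works", together with the entropy arithmetic behind the figures in the answers above. This is an added example, not this tool's own code; the function names, the 88-character set and the 8-word sample list are assumptions made for illustration.

```javascript
// Browsers expose `crypto` globally; the fallback covers older Node.js.
const rng = globalThis.crypto ??
  (typeof require === "function" ? require("node:crypto").webcrypto : undefined);

// Uniform integer in [0, n) by rejection sampling. A plain `value % n`
// favours small indexes whenever n does not divide 2^32.
function randomIndex(n) {
  if (!Number.isInteger(n) || n < 1 || n > 0x100000000) {
    throw new RangeError("n must be an integer in 1..2^32");
  }
  const limit = Math.floor(0x100000000 / n) * n; // largest multiple of n <= 2^32
  const buf = new Uint32Array(1);
  do {
    rng.getRandomValues(buf);
  } while (buf[0] >= limit); // discard the biased tail and draw again
  return buf[0] % n;
}

// Draw `count` independent uniform items from `pool` (duplicates removed,
// because a repeated item would be picked more often than the others).
function pick(count, pool) {
  const items = [...new Set(pool)];
  return Array.from({ length: count }, () => items[randomIndex(items.length)]);
}

const generatePassword = (length, charset) => pick(length, charset).join("");
const generatePassphrase = (words, list, sep = "-") => pick(words, list).join(sep);

// Entropy in bits of `count` independent uniform picks from `poolSize` options.
const entropyBits = (count, poolSize) => count * Math.log2(poolSize);

// Constructed sample inputs (assumptions, not this tool's own lists).
const CHARSET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" +
  "0123456789!@#$%^&*()-_=+[]{};:,.<>?/"; // 88 distinct characters
const WORDS = ["tiger", "ocean", "bridge", "castle", "river", "stone", "maple", "falcon"];

console.log(generatePassword(16, CHARSET), entropyBits(16, new Set(CHARSET).size).toFixed(1));
console.log(generatePassphrase(4, WORDS), entropyBits(4, 200).toFixed(1));
```

The 8-word list only keeps the sample short: it yields 3 bits per word, so a real word list has to be far larger to reach the entropy quoted above.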