Password Tool Back to generator

Trust center

Security and generation methodology

Technical details, threat boundaries, randomness handling, and reproducible checks for the password generator.

Randomness source

The generator requests cryptographically strong values from crypto.getRandomValues(). It never uses Math.random(), whose output is not specified for cryptographic use. The Web Crypto specification describes a CSPRNG seeded with high-quality entropy, commonly supplied by the operating system. The browser and operating system choose the underlying provider; PwdGen does not claim that every call reads a CPU hardware entropy source directly.

Random indices use rejection sampling. Values above the largest complete multiple of the alphabet size are discarded before the modulo operation, avoiding the bias that a direct randomValue % alphabetSize mapping would introduce.

Character coverage and shuffle

The generator first selects one character from every enabled source. It fills the remaining positions from the combined pool and then performs a cryptographically driven Fisher–Yates shuffle. Filters for similar and ambiguous characters are applied before selection.

Data flow

Generated values exist only in the current page memory and the visible result nodes. They are not written to URLs, cookies, local storage, session storage, server logs, or build artifacts. The locale preference is the only application preference stored in local storage and a functional cookie.

Threat model and limits

This design protects against the website intentionally collecting generated passwords. It cannot guarantee the integrity of the user’s device, browser extensions, clipboard, operating system, or destination service. It also cannot make a reused password safe or prevent a user from entering a password into a phishing page.

Reproducible review

The browser, public API, and pwdgen-cli@1.0.0 share the same Web Crypto rejection-sampling core. Automated tests check enabled-character coverage, excluded characters, invalid configurations, and the absence of Math.random(). Browser tests verify that regeneration and copying do not issue password-bearing network requests. Public source and CI results are linked above; this is reproducible engineering evidence, not a claim of an independent security audit.

For a deeper protocol-level explanation, read the client-side password generation whitepaper.

Sources