Strong Password Generator — Free & Secure

Create strong, random passwords that are virtually impossible to crack. Choose your desired length, character types (uppercase, lowercase, numbers, symbols), and generate as many passwords as you need. Everything happens in your browser — nothing is ever sent to a server.

Tips

  • Longer is stronger

    A 12-character password takes years to crack with modern hardware. A 20-character password would take longer than the age of the universe. Length matters more than complexity.

  • Use a password manager

    You don't need to remember strong passwords — use a password manager like Bitwarden (free), 1Password, or Dashlane to store them securely.

  • One unique password per account

    Never reuse passwords. If one account is breached, attackers try the same password on every other service (credential stuffing). Unique passwords stop this.

  • Enable 2FA as a second layer

    Even the strongest password can be phished. Enable two-factor authentication (2FA) on all important accounts as a second line of defence.

Secret Key Generator

Security

Generate secure random keys, API tokens, or passwords.

About this tool

What is the Secret Key Generator?

The Secret Key Generator creates cryptographically random keys, passwords, API tokens, UUIDs, passphrases, and secrets using your browser's built-in Web Crypto API. Choose an output mode, configure the settings, and a new value is generated instantly — nothing is ever sent to a server.


Output Modes

Random string — the classic mode. Set a length and choose which character types to include: uppercase, lowercase, numbers, and symbols. The entropy panel shows exactly how strong the result is in bits, along with a crack time estimate.

UUID — generates a standard UUID in either v4 (fully random, 122 bits of entropy) or v7 (time-ordered, sortable, ideal for database primary keys) format. UUID v7 encodes the current timestamp in the top 48 bits, making generated IDs sortable by creation time — a significant advantage for indexed database columns.

Hex — generates a hexadecimal string from a specified number of random bytes. Every byte produces two hex characters. A 32-byte hex string is 256 bits and suitable for encryption keys, nonces, and HMAC secrets.

Base64url — encodes random bytes as a URL-safe Base64 string with no padding and no + or / characters. This format is used directly in JWTs, OAuth tokens, and HTTP Authorization headers without further encoding.

API key — generates a prefixed key in the style used by Stripe, Anthropic, and other services (sk_live_…, pk_…, api_…). Prefixed keys are easier to identify in logs, easier to rotate per environment, and harder to accidentally commit than bare random strings.

Passphrase — generates a memorable phrase from a wordlist, in the style of the XKCD 936 / EFF recommendation. Configure the number of words, separator, capitalization, and whether to append a number. Passphrases are significantly easier to type and remember than random strings while still providing strong security at five or more words.
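The UUID v7 layout described above, as an added example (not the tool's own code). The function names and the injectable `getBytes` parameter are assumptions made for illustration. It shows that the top 48 bits make IDs sort by creation time, and that anyone holding the ID can read that time back out.

```javascript
// Added example: UUID v7 = 48-bit Unix ms timestamp + version/variant bits + random bits.
// Web Crypto is global in browsers and current Node.js; older Node needs the fallback.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;

function uuidv7(nowMs = Date.now(), getBytes = (n) => rng.getRandomValues(new Uint8Array(n))) {
  if (!Number.isInteger(nowMs) || nowMs < 0 || nowMs >= 2 ** 48) {
    throw new RangeError('timestamp must fit in 48 bits');
  }
  const b = getBytes(16);
  // Bytes 0..5: big-endian millisecond timestamp (the "top 48 bits").
  let t = BigInt(nowMs);
  for (let i = 5; i >= 0; i--) {
    b[i] = Number(t & 0xffn);
    t >>= 8n;
  }
  b[6] = (b[6] & 0x0f) | 0x70; // version nibble = 7
  b[8] = (b[8] & 0x3f) | 0x80; // variant bits = 10
  const hex = Array.from(b, (x) => x.toString(16).padStart(2, '0')).join('');
  return [hex.slice(0, 8), hex.slice(8, 12), hex.slice(12, 16),
          hex.slice(16, 20), hex.slice(20)].join('-');
}

// The creation time is recoverable by anyone who sees the ID.
function uuidv7Timestamp(uuid) {
  return parseInt(uuid.replace(/-/g, '').slice(0, 12), 16);
}
```

Because the timestamp is readable, a v7 ID exposed in a URL or API response discloses when the record was created.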


How to Use the Generator

  1. Choose a mode. Click one of the six mode tabs at the top.
  2. Adjust the settings. Each mode has its own controls — length, byte count, prefix, word count, separator, and so on. The output updates automatically as you change any setting.
  3. Copy or regenerate. Click the copy icon to copy the output to your clipboard. Click the regenerate icon to generate a new value with the same settings.
  4. Read the entropy panel. Every output shows its strength in bits and an estimated crack time at one billion guesses per second, which is a realistic offline attack rate for a fast hash function.

Why Cryptographic Randomness Matters

Not all randomness is equal. JavaScript's Math.random() uses a deterministic pseudorandom number generator — its output is predictable given the seed, making it completely unsuitable for security-sensitive values.

This tool uses crypto.getRandomValues() exclusively, which draws entropy from the operating system — hardware timing, interrupt noise, and other genuinely unpredictable sources. The output is computationally infeasible to predict or reverse. For any value that needs to be a secret, this is the only acceptable approach.

The generator also eliminates modulo bias, a subtle flaw where some values appear slightly more often than others when mapping random bytes to a character set. It does so with rejection sampling: random values that fall outside the largest exact multiple of the charset size are discarded and regenerated.


Understanding the Entropy Panel

Entropy is measured in bits. Each bit doubles the number of possible values an attacker would need to try. The crack time estimates assume an attacker making one billion guesses per second, which is achievable with commodity hardware attacking an unsalted fast hash (MD5, SHA-1). Against a properly salted slow hash (bcrypt, Argon2), crack times would be orders of magnitude longer.

The strength levels used by this tool:

  • Weak — below 64 bits. Avoid for any security use.
  • Fair — 64–95 bits. Acceptable for short-lived tokens; not recommended for long-lived secrets.
  • Strong — 96–127 bits. Good for most applications.
  • Excellent — 128 bits and above. Suitable for encryption keys, JWT secrets, and any high-value secret.

Note: crack time is shown for secrets and passwords. For UUIDs, crack time is not applicable — UUIDs are identifiers, not secrets, and guessing a UUID is not a relevant attack model.
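Rejection sampling and the entropy calculation described in the two sections above, as an added example (not the tool's own code). The function names, the 62-character charset, the injectable `getBytes` parameter and the handling of fractional bit counts at the level boundaries are assumptions.

```javascript
// Added example: unbiased character selection plus the entropy-panel arithmetic.
// Web Crypto is global in browsers and current Node.js; older Node needs the fallback.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;

const LOWER = 'abcdefghijklmnopqrstuvwxyz';
const CHARSET = LOWER + LOWER.toUpperCase() + '0123456789'; // 62 ASCII symbols

function osBytes(n) {
  return rng.getRandomValues(new Uint8Array(n));
}

// Largest multiple of charsetSize that fits in the 256 possible byte values.
// Bytes at or above it would make the first few symbols more likely under `%`.
function rejectionLimit(charsetSize) {
  if (!Number.isInteger(charsetSize) || charsetSize < 1 || charsetSize > 256) {
    throw new RangeError('charset size must be 1..256');
  }
  return 256 - (256 % charsetSize);
}

// getBytes is injectable so the rejection path can be exercised deterministically.
function randomString(length, charset = CHARSET, getBytes = osBytes) {
  const limit = rejectionLimit(charset.length);
  let out = '';
  while (out.length < length) {
    for (const b of getBytes(length - out.length)) {
      // Accept only bytes below the limit; rejected bytes are simply redrawn.
      if (b < limit && out.length < length) out += charset[b % charset.length];
    }
  }
  return out;
}

// Entropy of a string whose characters are chosen uniformly and independently.
function entropyBits(length, charsetSize) {
  return length * Math.log2(charsetSize);
}

// Strength levels as listed on this page (boundary handling is an assumption).
function strengthLevel(bits) {
  if (bits < 64) return 'Weak';
  if (bits < 96) return 'Fair';
  if (bits < 128) return 'Strong';
  return 'Excellent';
}
```

With 62 symbols the limit is 248, so byte values 248 to 255 are thrown away; without that step the first eight symbols would each be chosen 5 times in 256 instead of 4.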


Recommended Settings by Use Case

| Use case | Mode | Settings |
|---|---|---|
| Application password | Random | 20+ chars, all character types |
| JWT secret (HS256) | Base64url | 32 bytes (256 bits) |
| JWT secret (HS512) | Base64url | 64 bytes (512 bits) |
| API key | API Key | sk_live_ prefix, 32-char body |
| Database primary key | UUID | v7 (sortable) |
| Unique identifier | UUID | v4 (fully random) |
| Encryption key | Hex | 32 bytes (AES-256) |
| HMAC secret | Hex or Base64url | 32 bytes minimum |
| Memorable password | Passphrase | 5+ words, append number |
| Session token | Random or Hex | 32 chars / 16 bytes |

Privacy

Key generation happens entirely in your browser using the Web Crypto API. No generated values, settings, or usage data are sent to any server or stored anywhere. Close the tab and the keys are gone.
