Token Generator

The Token Generator uses the Web Crypto API (window.crypto.getRandomValues()), which produces cryptographically secure pseudo-random numbers. This standard is used by banks, password managers, and security APIs worldwide. The output is unpredictable and suitable for all security-critical applications.

No. All tokens are generated exclusively in your browser — no network request or server upload takes place. The generated strings never leave your browser unless you copy them yourself.

For API keys we recommend at least 32 characters (alphanumeric), ideally 64. A 64-character alphanumeric string provides over 380 bits of entropy — far more than required for practical security (128 bits is considered sufficient). For passwords, 16–20 characters with all character sets enabled is more than adequate.

Entropy measures the randomness of a token. It is calculated as length × log₂(character pool size). From 128 bits, a token is considered cryptographically secure against brute-force attacks. From 256 bits, it is practically uncrackable — even with all the computing power on Earth, an attack would take longer than the age of the universe.

API Key (64 chars, alphanumeric): Ideal for authentication tokens, webhook secrets and session IDs. Password (20 chars, all sets): Maximum password complexity for account passwords. PIN (6 digits): Numeric codes for SMS verification. Hex Token (32 chars, 0-9 + a-f): Compatible with systems that expect hexadecimal tokens.