密碼產生器
免費安全密碼產生器,基於 Web Crypto CSPRNG 安全隨機源,生成隨機強密碼、易記口令和數字 PIN,支援強度檢測、批量匯出,瀏覽器本機生成。
免費安全密碼產生器,基於 Web Crypto CSPRNG 安全隨機源,生成隨機強密碼、易記口令和數字 PIN,支援強度檢測、批量匯出,瀏覽器本機生成。
Math.random() is a general PRNG not designed for security — its internal state can potentially be reverse-engineered. crypto.getRandomValues() uses the OS-level CSPRNG, producing unpredictable randomness suitable for passwords and keys.
No. All passwords are generated locally in your browser. Strength analysis, entropy calculation, and crack time estimation all run client-side. DevTools Network tab confirms zero requests.
At least 12 characters with mixed case, digits, and symbols. A 16-character random password would take billions of years to brute-force at modern speeds. See the crack time table above.
Per-character, random passwords have higher entropy. But passphrases (4-6 truly random words) achieve 60+ bits of entropy and are much easier to remember. The key is truly random word selection, not self-invented phrases.
These look similar in many fonts and cause input errors. If passwords are typed manually, read over phone, or printed, exclude them. If used only via password manager, keep all characters for higher entropy.
Per NIST SP 800-63B, regular password rotation is NO longer recommended unless compromise is confirmed. Forced rotation leads users to choose weak passwords or write them down. Better: long random passwords + password manager + 2FA.
Entropy measures unpredictability in bits. Entropy = log₂(character_pool_size ^ length). A 16-char password from 94 printable ASCII chars has ~104 bits, meaning an attacker averages 2¹⁰³ guesses — about 200 billion years at 1 trillion guesses/sec.
密碼產生器使用 CSPRNG(密碼學安全隨機數生成器)從字符池中隨機選取字元,避免人類設密的可預測模式(名字+生日、鍵盤連按等)。
不能用 Math.random()——普通隨機數內部狀態可被反推。本工具使用 crypto.getRandomValues() 呼叫作業系統級 CSPRNG。
密碼強度的核心是熵值:log₂(字元池^長度)。16位隨機密碼熵值約 104 bit,暴力破解需約 2000 億年。
易記口令(Passphrase)由多個隨機單字組成,熵值足夠且更容易記憶,即 Diceware/XKCD 方法。
所有密碼在瀏覽器本機生成,資料不上傳伺服器。
| Length | Entropy(bit) | Combinations | Crack Time (1T guesses/sec) | Rating |
|---|---|---|---|---|
6 chars | ~37 | ~139 billion | < 1 second | ❌ Very weak |
8 chars | ~52 | ~2.2×10¹⁴ | ~2.5 days | ❌ Weak |
10 chars | ~65 | ~3.7×10¹⁸ | ~116 years | ⚠️ Fair |
12 chars | ~78 | ~6.1×10²² | ~1.9 million years | ✅ Strong |
16 chars | ~104 | ~6.3×10³⁰ | ~200 billion years | ✅✅ Very strong |
20 chars | ~131 | ~6.7×10³⁸ | Trillions of universe ages | ✅✅✅ Unbreakable |
| Mode | Example | Typical Entropy | Memorability | Best For |
|---|---|---|---|---|
| Random Password | xK9#mP2$vL8@nQ4! | ~6.5bit/char | Poor | Password-manager stored main passwords, DB passwords, API keys |
| Memorable Passphrase | Brave-Cloud-Star42 | ~10bit/word | Good | Wi-Fi passwords, login passwords requiring manual entry |
| Numeric PIN | 482917 | 3.3bit/digit | Good | Device lock screen, bank card PIN, one-time codes |