Fractional IT ← Back to fractionalit.io
Password & Key Generator

Strong, one-off keys —
made on your machine.

Every string below is drawn from your browser's cryptographically secure random number generator the moment this page loads. Nothing is generated on a server and nothing leaves this tab — close the page and these strings are gone for good, known only to you.

64 hexadecimal characters · 0–9 A–F
256 bits of entropy
63 printable ASCII characters · symbols included, no spaces
≈412 bits of entropy
63 alphanumeric characters · a–z A–Z 0–9
≈375 bits of entropy
or just reload the page — either way, new entropy every time. Tip: highlight part of a password, then hit COPY to grab just that piece.

Why these are safe to use

These strings come from crypto.getRandomValues(), the same cryptographically secure random source your browser uses for TLS session keys. Each character is chosen independently with equal probability (using rejection sampling, so no character set introduces statistical bias). That makes the strings maximum-entropy: there is no pattern to exploit, no dictionary that contains them, and no shortcut for an attacker beyond brute force over an astronomically large space.

Because generation happens entirely in your browser, there is no server that ever saw your password, no network transmission to intercept, and no log to leak. You can even load this page once, disconnect from the internet, and generate keys fully offline.

What to use each format for

Hex (256 bits) — ideal wherever raw keying material is accepted: Wi-Fi WPA pre-shared keys entered as 64 hex digits, VPN shared secrets, API signing keys. You can also slice off a shorter prefix; any substring is just as random as the whole.

Printable ASCII — the densest passphrase format. Use it where the full symbol set is accepted, such as password-manager master entries or WPA passphrases on modern equipment.

Alphanumeric — for systems that choke on symbols. Slightly fewer bits per character, but at 63 characters it is still unimaginably far beyond brute-force reach.

A note on length

For keys you configure once and never retype — router passphrases, VPN secrets — use the longest string the device accepts. Length costs you nothing after setup, and every added character multiplies an attacker's work.