How this works & why you can trust it
The honest answer to "is this site logging my password?" is no — and this page explains how the architecture makes logging impossible, not just promised.
1. Real randomness (CSPRNG), never Math.random()
Every character and every word comes from the browser's Web Crypto generator, crypto.getRandomValues() — a cryptographically secure source. Math.random() is predictable and must never be used for passwords; we don't use it anywhere.
2. No modulo bias
The naive way to pick a character — random % alphabetLength — is subtly biased: unless the alphabet size divides 2³² evenly, the lower characters come up slightly more often. We avoid this with rejection sampling: draw a 32-bit number, discard it if it falls in the incomplete final block, and only then take the remainder. The result is perfectly uniform.
    function randomIndex(maxExclusive) {
      // Largest multiple of maxExclusive that fits in the 32-bit range
      const limit = Math.floor(0x100000000 / maxExclusive) * maxExclusive
      const buf = new Uint32Array(1)
      // Redraw while the value falls in the incomplete final block
      do { crypto.getRandomValues(buf) } while (buf[0] >= limit)
      return buf[0] % maxExclusive
    }
The same idea guarantees "at least one of each character type": we reject and regenerate the whole password until it qualifies — we never overwrite a character afterwards, because that would reintroduce bias.
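The whole-password regeneration described in section 2, built on the same rejection-sampling helper, as an added example that is not the site's own code. The names favouredByModulo, CLASSES and generatePassword, the symbol set, and the Node fallback for the random source are assumptions made for this illustration.

```javascript
// Added example, not the site's code. Only randomIndex mirrors the page.
// Browsers expose Web Crypto as globalThis.crypto; the fallback covers older Node.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto

// Number of alphabet positions the naive `random % n` over-selects:
// the first (2^32 mod n) indices each receive one extra 32-bit value.
function favouredByModulo(n) {
  return 0x100000000 % n
}

// Rejection sampling: redraw while the value lies in the incomplete final block.
function randomIndex(maxExclusive) {
  const limit = Math.floor(0x100000000 / maxExclusive) * maxExclusive
  const buf = new Uint32Array(1)
  do { rng.getRandomValues(buf) } while (buf[0] >= limit)
  return buf[0] % maxExclusive
}

// Constructed character classes for the demonstration (hypothetical).
const CLASSES = {
  lower: 'abcdefghijklmnopqrstuvwxyz',
  upper: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  digit: '0123456789',
  symbol: '!#$%&*+-=?@^_',
}

function generatePassword(length, classes = CLASSES) {
  const sets = Object.values(classes)
  if (length < sets.length) throw new RangeError('length too short for required classes')
  const alphabet = sets.join('')
  for (;;) {
    let pw = ''
    for (let i = 0; i < length; i++) pw += alphabet[randomIndex(alphabet.length)]
    // Accept only if every class is present; otherwise discard the whole
    // candidate and redraw, so accepted passwords stay uniform over the valid set.
    if (sets.every(set => [...pw].some(ch => set.includes(ch)))) return pw
  }
}
```

With a 94-character alphabet, favouredByModulo(94) reports that 42 characters would be over-selected by the naive modulo; an alphabet of 64 gives 0 because 64 divides 2³² evenly.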
3. Nothing leaves your device
- The whole site is statically generated — there is no server to log anything.
- A strict Content Security Policy (connect-src 'self') means the page has no third-party endpoint it could send data to.
- No analytics on what you type, no password in the URL, nothing persisted. The strength checker is a type="password" field that never gets saved.
- Only your settings (length, toggles) are remembered locally — never a generated or checked password.
4. Verify it yourself
- Go offline. Disconnect your internet — generating, passphrases, and the strength meter all keep working. A logger can't phone home if the page works with no network.
- Open DevTools → Network. Generate and copy: you'll see zero third-party requests.
- Read the code. The randomness core (utils/secureRandom.ts) is small, dependency-free, and open source so anyone can audit it.