Network Tool
Password Generator & Secure Share
Generate strong passwords and share secrets via one-time, end-to-end encrypted links. AES-256-GCM encryption runs entirely in your browser — the key never leaves your device.
This free password generator creates cryptographically strong random passwords using the browser's built-in CSPRNG (crypto.getRandomValues), so no randomness is ever sourced from a predictable algorithm. The secure-share feature lets you transmit a generated password to a colleague using AES-256-GCM end-to-end encryption — the decryption key lives exclusively in the URL fragment and is never sent to any server. Everything runs in your browser.
Length beats complexity — why entropy is what matters
Password strength is measured in bits of entropy: each additional character multiplies the search space an attacker must cover. A 16-character password drawn from a 94-character printable-ASCII set has ~105 bits of entropy — brute-forcing that at 100 billion guesses per second would take longer than the age of the universe. Arbitrary complexity rules ("must include a symbol") add only a few bits; going from 12 to 20 characters adds far more. Generate at least 16 characters for service accounts and 20+ for privileged credentials.
Why a CSPRNG matters
A cryptographically secure pseudorandom number generator (CSPRNG) is seeded from OS-level entropy — hardware interrupts, timing jitter, and similar unpredictable sources. The Web Crypto API exposes this as crypto.getRandomValues(), which is what this generator uses. Math.random(), by contrast, is a deterministic PRNG not suitable for security use: its internal state can be reconstructed from a short sequence of outputs. Never use Math.random() to generate passwords or tokens.
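An added example (not the tool's own code) for the two passages above: it computes the entropy figures quoted and draws password characters from crypto.getRandomValues() with rejection sampling, because a bare `byte % 94` would slightly favour some characters. The function names, the alphabet constant and the 62-symbol comparison are assumptions made for illustration.

```javascript
// Browsers expose Web Crypto as globalThis.crypto; require() is a fallback for older Node.js only.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;

// The 94 printable ASCII characters '!' (0x21) to '~' (0x7e), the set the entropy figure assumes.
const PRINTABLE = Array.from({ length: 94 }, (_, i) => String.fromCharCode(0x21 + i)).join('');

// Entropy of a uniformly random password: length * log2(alphabet size).
function entropyBits(length, alphabetSize) {
  return length * Math.log2(alphabetSize);
}

// Years needed to try every candidate at a given guess rate (full search of the space).
function yearsToExhaust(bits, guessesPerSecond) {
  return Math.pow(2, bits) / guessesPerSecond / (365.25 * 24 * 3600);
}

// Draw `length` characters uniformly from `alphabet` (single-code-unit characters assumed).
function generatePassword(length, alphabet = PRINTABLE) {
  const n = alphabet.length;
  if (!Number.isInteger(length) || length < 1) throw new RangeError('length must be a positive integer');
  if (n < 2 || n > 256) throw new RangeError('alphabet needs 2 to 256 characters');
  if (new Set(alphabet).size !== n) throw new RangeError('alphabet must not repeat characters');
  // byte % n alone favours the first (256 % n) characters, so bytes >= limit are thrown away.
  const limit = 256 - (256 % n); // n = 94 gives 188: bytes 188..255 are rejected
  const buf = new Uint8Array(Math.min(2 * length, 65536)); // getRandomValues caps at 65536 bytes
  const out = [];
  while (out.length < length) {
    rng.getRandomValues(buf);
    for (const b of buf) {
      if (b < limit && out.length < length) out.push(alphabet[b % n]);
    }
  }
  return out.join('');
}

console.log(generatePassword(16), entropyBits(16, 94).toFixed(1), 'bits');
console.log('12 -> 20 chars adds', (entropyBits(20, 94) - entropyBits(12, 94)).toFixed(1), 'bits');
// Constructed comparison: letters and digits only (62 symbols) versus all 94 printable characters.
console.log('62 -> 94 symbols at 12 chars adds', (entropyBits(12, 94) - entropyBits(12, 62)).toFixed(1), 'bits');
```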
How secure share works — the URL fragment trick
When you share a password via the secure-share feature, the plaintext is encrypted with AES-256-GCM using a key derived in the browser. The ciphertext is stored server-side, but the decryption key is appended to the share URL after the # (hash fragment). Browsers do not include the fragment in HTTP requests, so the server receives only the ciphertext ID — never the key. The link enforces one-time view and a configurable TTL, so the ciphertext is deleted after first access or expiry.
Frequently asked questions
How long should a password be?
16 characters is a reasonable minimum for most accounts; 20+ for anything privileged. Length increases entropy faster than character-set expansion — every additional character multiplies the search space by the size of the character set.
Is it safe to share passwords this way?
Yes. The password is encrypted with AES-256-GCM before leaving your browser. The decryption key is only in the URL fragment, which browsers never send to the server — so even if the server were compromised, an attacker would only have unintelligible ciphertext.
What does end-to-end encrypted mean here?
Encryption and decryption both happen in the browser. The server stores only the AES-256-GCM ciphertext — it has no access to the key and therefore cannot decrypt the password.
Can NextHop see my password?
No. The decryption key is in the URL fragment, which is never transmitted to the server in any HTTP request. NextHop stores only the encrypted ciphertext and has no way to recover the plaintext.
What happens after the link is opened or expires?
The ciphertext is deleted from the server on first view or when the TTL expires, whichever comes first. After that, the link returns a 404 — there is nothing left to decrypt.