JPKCom DB

Generator

Generate secure passwords, salt/WordPress/WLAN keys, APR1-MD5, BCrypt and Argon2 hashes, and TOTP codes — your starting point for the manual, examples, and tips.

One toolbox for passwords, keys, and codes

The Generator bundles the recurring chores of admin and developer life in one place: create a strong password, generate cryptographic keys for a config file, compute a password hash for a .htpasswd or an application, or set up two-factor authentication (2FA) via TOTP. Instead of opening five different pages for that, you click through seven tabs in a single interface.

It's built for administrators securing WordPress, server, or Wi-Fi access; for developers who need a quick BCrypt or Argon2 hash to test against; and for anyone who wants a genuinely random password or a TOTP code for their authenticator — no account, no install, right in the browser.

What the Generator produces

The interface is organized into seven tabs:

  • Passwords — random passwords in four character-set tiers (from "lots of specials" down to "hex only"), plus an Apple-style option (pronounceable, memorable), up to 64 characters.
  • Salt — cryptographic salt keys with an extended character set, length 16 to 1024.
  • WordPress — the eight security keys for wp-config.php as ready-made define() lines, plus an Extreme Keys mode using hash_hmac(), rotation, and dynamic server variables.
  • WLAN — WPA/WPA2-capable keys (20 to 63 characters), with or without specials.
  • APR1-MD5 — a password plus its APR1-MD5 hash in $apr1$ format for Apache .htpasswd files.
  • HashesBCrypt, Argon2i, and Argon2id from your own (or a generated) password, with selectable cost factor and Argon2 memory.
  • OTPTOTP one-time codes per RFC 6238: Base32 secret, otpauth:// key URL, QR code, and a live ticker with previous/current/next.

Architecture: partly server-side, partly in the browser — and that matters

The Generator is deliberately split, and for privacy it pays to know the difference:

  • Server-side (via a PHP API, returned over HTTPS) are the plain random values: the random passwords (except the Apple-style one), the salt keys, the WordPress keys, the WLAN keys, and the APR1-MD5 block. The server uses a cryptographically secure random generator (random_int() / random_bytes()); responses are served with no-cache headers so nothing is cached.
  • Entirely in the browser (the value you enter never leaves your machine) are the most sensitive operations: the Apple-style password (via the Web Crypto API), the BCrypt/Argon2 hashes (computed locally via WebAssembly), and the whole TOTP generator (secret, codes, and QR code are produced locally).

In concrete terms: when you enter your own password in the Hashes tab and hash it, that password is not sent to the server — the computation happens entirely in your browser. The same goes for your TOTP secret. The server-side random values are fresh, unstored one-off values; if you want to be extra cautious, you can tweak them locally after copying.

Try it now

→ Open the Generator — pick a tab, set the options, generate, copy. No account, free, right in the browser.

  • Hash Generator — compute MD5, SHA-1, SHA-256, SHA-512, and RIPEMD-160 from arbitrary text when you need a plain checksum rather than a password hash.
  • Cryptor — symmetrically encrypt and decrypt text and files.
  • UUID Generator — create unique identifiers (UUIDs) when you need an ID rather than a secret key.
  • PKI Viewer — inspect X.509 certificates, keys, and CSRs.

There's more on the subpages: the manual with every tab and parameter, examples for common workflows, and a collection of tips & tricks.