JPKCom DB

Generator — Examples

Hands-on runs with the Generator: a strong password, a BCrypt/Argon2 hash, WordPress keys, APR1-MD5 for .htpasswd, and setting up TOTP 2FA.

Back to the overview: Generator · Open the tool live: www.jpkc.com/tools/generator/

The manual explains every tab and parameter. This page adds concrete workflows: common tasks, step by step. The interface is in English, so the tab and button names match the tool. All values shown are examples; your results will be different random values every time.

Example 1: Generate a genuinely strong password

You need a password for a new account.

  1. Open the Generator; the Passwords tab is already active.
  2. Set Complexity to a-z + A-Z + 0-9 + more specials (full entropy). If the target system dislikes specials, choose less specials instead.
  3. Set Length to a generous value — 24 is the default; for highly sensitive accounts go to 32.
  4. Click Generate Password. You get something like T7v§ka-2Rm!eW9qZ$ub#Lp4x (example). Use Copy to put it on the clipboard.

If you need to remember the password (for a master login, say), pick Apple-style instead: the interface then shows Blocks rather than length. With 4 blocks you get a pronounceable, easy-to-type password like kibavu-se4iRo-pomuky-tazfeb (example) — with exactly one digit and one uppercase letter.

Example 2: A BCrypt hash for an existing password

You want to store a password as a BCrypt hash in an application or database.

  1. Switch to the Hashes tab.
  2. Type your password into the Password field — or click Generate for a random one. (Your own password never leaves the browser; hashing is done locally via WebAssembly.)
  3. Choose a work factor under BCrypt Cost. 10 (default) is a solid default; 12 (slow, ~3–8s) for higher security if the login latency is acceptable.
  4. Click Hash. After a short computation, the BCrypt field shows a value like $2b$10$N9qo8uLOickgx2ZMRZoMy… (example) — copyable via the clipboard icon.

The hash is in encoded format and carries the algorithm, cost, and salt; an application can verify it directly against a submitted password.

Example 3: An Argon2id hash with OWASP memory

Argon2id is today's preferred choice for new systems.

  1. In the Hashes tab, enter the password (or generate one).
  2. Leave Argon2 Memory at the default 64 MB (OWASP) — that matches a common OWASP recommendation. For weaker hardware use 16 MB, for especially sensitive data 256 MB (slow).
  3. Click Hash. The tool computes BCrypt, Argon2i, and Argon2id in parallel; the Argon2id field shows a value like $argon2id$v=19$m=65536,t=3,p=1$… (example).
  4. The info line below confirms the parameters: iterations=3, memory=64 MB, parallelism=1, hashLength=32.

So you get three hashes at once and can pick the right one for your system.

Example 4: WordPress security keys for wp-config.php

When setting up or hardening a WordPress install.

  1. Switch to the WordPress tab.
  2. Leave Key Length at 64 (default) — that's more than enough.
  3. Click Generate Keys. You get a finished block of eight define() lines (AUTH_KEY, SECURE_AUTH_KEY, … NONCE_SALT).
  4. Copy and paste the eight lines into wp-config.php (replacing the placeholder lines there). All logged-in sessions become invalid in the process — that's normal and intended when you rotate keys.

If you need hardened, rotating keys, click Extreme Keys instead: the panel opens with options for rotation and dynamic components. Mind the warning — IP switches, browser updates, or the rotation interval will then log users out automatically.

Example 5: APR1-MD5 for a .htpasswd file

You want to protect a directory with Apache Basic Auth.

  1. Switch to the APR1-MD5 tab.

  2. Choose Complexity (e.g. less specials so the password is easy to pass along) and Length (e.g. 16).

  3. Click Generate APR1-MD5. The output contains both:

    Password:
gT4m-xQ7vap.Rk2w

APR1-MD5:
$apr1$f3a9c1d2$Yl8…

    (Example values.)

  4. Give the plaintext password to the person who should log in. Put the $apr1$ hash together with the username into the .htpasswd, e.g. webuser:$apr1$f3a9c1d2$Yl8….

Example 6: Set up two-factor authentication via TOTP

You want to add a TOTP code to your authenticator, for a service or for testing.

  1. Switch to the OTP tab.
  2. Enter the identifier under Account Name (e.g. the email address) and the service name under Issuer (it later appears as the heading in the authenticator).
  3. A Secret (Base32) is already prefilled; click Generate for a new one if needed. Leave Interval at 30 seconds (the default for most services).
  4. Scan the QR code with your authenticator app — or copy/open the Key URL (otpauth://…). Use Save QR Code to keep the code as a PNG.
  5. Compare the code shown in the app with the Current OTP field: they must be identical. The Remaining display counts down the seconds left, and Previous/Next show the code before and after.

Important: the secret is the actual sensitive material — keep it safe (it is created and stays entirely in your browser). Anyone with the secret can generate valid codes.

There's more depth elsewhere: the overview for the big picture, the manual for every parameter, and the tips & tricks for strategy and pitfalls. You can try everything directly in the tool.