
Browser-Based Passphrase Generator — Web Crypto API, No Server, No Upload

Last updated: April 2026 · 5 min read · Generator Tools

The most important security property of a passphrase generator is that the passphrase never leaves your device. If a generator runs on a server, that server theoretically sees every passphrase it produces. If it logs them, an attacker who breaches the server gets all of them. The only way to be sure is to use a generator that runs entirely in your browser using cryptographic randomness — like the Web Crypto API.

Generate locally. Nothing leaves your device.


How a server-based generator works (and why it's risky)

The typical "online passphrase generator" flow:

  1. You visit the website
  2. You click "Generate"
  3. Your browser sends a request to the server
  4. The server picks random words from its word list
  5. The server sends the passphrase back to your browser
  6. You see the passphrase

The risk: the server saw your passphrase. Even if the operator promises not to log it, you have to trust them. Even if the operator is honest, an attacker who compromises the server could log future passphrases without anyone noticing.

How a browser-based generator works

The Bison Passphrase Generator flow:

  1. You visit the website (HTML and JavaScript download)
  2. The page loads, including a 2048-word list and the generation logic
  3. You click "Generate"
  4. Your browser's JavaScript runs crypto.getRandomValues()
  5. The script picks words from the embedded list
  6. You see the passphrase
  7. Nothing is sent back to the server

The passphrase exists only in your browser's memory. When you close the tab, it's gone.

What is the Web Crypto API?

The Web Crypto API is a standard browser feature implemented in every modern browser (Chrome, Firefox, Safari, Edge, Brave, Opera, etc.). It provides cryptographic primitives such as random number generation, hashing, key generation, signing and encryption.

For passphrase generation, only crypto.getRandomValues() matters. It returns cryptographically strong random numbers suitable for security-sensitive use.

Web Crypto vs Math.random()

JavaScript has two random number generators. Most code uses Math.random(), which is fine for animations, game logic, and other non-security uses. But it's NOT suitable for password generation because it's predictable.

Property                 | Math.random()   | crypto.getRandomValues()
-------------------------|-----------------|-------------------------
Type                     | Pseudo-random   | Cryptographically strong
Predictable from seed    | Yes             | No
Suitable for passwords   | No              | Yes
Uses hardware entropy    | No              | Yes
Speed                    | Fast            | Slightly slower
Available everywhere     | Yes             | Yes (modern browsers)

The difference matters. Math.random() in V8 (Chrome's JavaScript engine) uses an xorshift128+ algorithm seeded at startup. If an attacker knows the seed, they can predict every "random" number. crypto.getRandomValues() draws from the operating system's cryptographically secure random number generator and cannot be predicted from any seed.

How to verify the Bison Generator uses Web Crypto

You don't have to take our word for it. To verify:

  1. Open the passphrase generator page
  2. Right-click → View Page Source
  3. Find the rng() function in the JavaScript
  4. You'll see crypto.getRandomValues(a) — that's the Web Crypto API call

The full random number generator function is:

function rng(max) {
  var a = new Uint32Array(1);
  crypto.getRandomValues(a);
  return a[0] % max;
}

This is the entire randomness source. It generates a 32-bit random number using the Web Crypto API and returns it modulo the word list size. Genuine cryptographic randomness, generated locally. One detail worth checking: a plain modulo is only unbiased when the list size divides 2^32 evenly. With the 2048-word list (2^11) it does, so every word is exactly equally likely; a list whose size is not a power of two would need rejection sampling to avoid favouring the lower indices.

How to verify nothing is sent to a server

  1. Open the passphrase generator page
  2. Press F12 to open browser developer tools
  3. Go to the Network tab
  4. Click "Clear" to clear the network log
  5. Click "Generate New" 5-10 times
  6. Look at the Network tab

You should see ZERO new requests when you click Generate. The only network requests are the initial page load (HTML, CSS, JS, fonts) and a Google Analytics ping that fires once on page load (which doesn't include any passphrase data).

If you see any new requests when clicking Generate, the generator is not browser-only. Don't use it.
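A complementary check for the procedure above, added here and not part of the original post: a small tripwire that records, and optionally refuses, every outbound call a page's script could make while you click Generate. It is pasted into the devtools console on the generator page (where `target` is `window`); it assumes only the standard fetch, XMLHttpRequest and navigator.sendBeacon APIs. It does not see requests the browser issues on its own (images, fonts, form submits), so the Network tab remains the authoritative view; the tripwire adds a hard stop and a readable log.

```javascript
// Added example, not the generator's own code: a network tripwire for checking
// that clicking "Generate" triggers no outbound request. `target` is normally
// `window`; it is a parameter so the logic can also run against a stand-in.
function installNetworkTripwire(target, { block = false } = {}) {
  const log = [];      // one entry per attempted call: { api, url }
  const restore = [];  // functions that undo each patch, for uninstall()

  function record(api, url) {
    log.push({ api, url: String(url) });
  }

  // fetch(): the most common way a script posts data somewhere.
  if (typeof target.fetch === "function") {
    const original = target.fetch;
    target.fetch = function (input, init) {
      const url = typeof input === "string" ? input : (input && input.url) || input;
      record("fetch", url);
      if (block) return Promise.reject(new Error("tripwire blocked fetch to " + url));
      return original.call(this, input, init);
    };
    restore.push(() => { target.fetch = original; });
  }

  // XMLHttpRequest: record the URL at open(), refuse at send() when blocking.
  if (target.XMLHttpRequest && target.XMLHttpRequest.prototype) {
    const proto = target.XMLHttpRequest.prototype;
    const originalOpen = proto.open;
    const originalSend = proto.send;
    proto.open = function (method, url, ...rest) {
      this.__tripwireUrl = url;
      record("xhr", url);
      return originalOpen.call(this, method, url, ...rest);
    };
    proto.send = function (...args) {
      if (block) throw new Error("tripwire blocked XHR to " + this.__tripwireUrl);
      return originalSend.apply(this, args);
    };
    restore.push(() => { proto.open = originalOpen; proto.send = originalSend; });
  }

  // navigator.sendBeacon(): built for fire-and-forget analytics, so it is the
  // API a logging generator would most plausibly reach for.
  if (target.navigator && typeof target.navigator.sendBeacon === "function") {
    const nav = target.navigator;
    const original = nav.sendBeacon;
    nav.sendBeacon = function (url, data) {
      record("sendBeacon", url);
      if (block) return false;  // sendBeacon signals refusal by returning false
      return original.call(this, url, data);
    };
    restore.push(() => { nav.sendBeacon = original; });
  }

  return {
    log,
    // Calls attempted after index `since` in the log, for before/after diffs.
    callsSince(since) { return log.slice(since); },
    uninstall() { while (restore.length) restore.pop()(); },
  };
}

// Typical use in the devtools console on the generator page:
//   const tw = installNetworkTripwire(window, { block: true });
//   // click "Generate New" 5-10 times, then:
//   console.table(tw.log);   // expected for a browser-only generator: empty
//   tw.uninstall();
```

Run it with `block: true` and the page cannot send anything through these APIs even if you misread the log; run it without `block` and it is purely an observer. Either way, `tw.log` should stay empty across every click of Generate, matching the "zero new requests" expectation above.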

Other privacy properties to verify

Why this matters for high-stakes passphrases

For most accounts, the difference between a server-side and browser-side generator is theoretical — you trust the website not to log your password. But for high-stakes passphrases (a password manager master password, full disk encryption, a crypto wallet), the threat model is real. A compromised server-side generator could leak millions of passphrases over time without anyone noticing.

For these high-stakes cases, a browser-only generator is the only safe choice. The passphrase exists only in your browser's RAM, only for as long as you keep the tab open. Close the tab and it's gone forever — even from your own machine (unless you copied it to the clipboard or saved it somewhere yourself).

Open source alternatives

If you want even more verifiability, several open source passphrase generators are publicly auditable:

The Bison Passphrase Generator is not open source in the sense of having a public GitHub repo, but the JavaScript is intentionally not minified — you can read every line in the page source. This gives you the same auditability without needing to clone a repo.
