CryptoGuard

password strength analyser · v0.3.1

Your password
deserves entropy.
Not guesses.

Shannon entropy + pattern heuristics + Have-I-Been-Pwned breach check via k-anonymity. Runs entirely in your browser — nothing leaves the client.

01101 0xAF 11010 SHA-1 73 bit 0x4E 01001 pbkdf2

Passphrase Analyser

Type below — computed live in your browser

SHA-1 · entropy · k-anon

—

crack time: —

Entropy

— bits

Charset Size

—

Length

—

Generate Passphrase

Cryptographically secure via SubtleCrypto

—

Length 20

How HIBP k-Anonymity Works

Only the first 5 hex chars of SHA-1 ever leave your device

1. Local: SHA-1(password) → AABBCCDDEE…
2. Send only first 5 chars: GET /range/AABBC
3. HIBP returns ~500 hash suffixes matching AABBC
4. Client checks if DDEE… is in the response
5. Password itself never transmitted
✓ Result: true zero-knowledge breach lookup

Production API endpoint: POST /api/v1/analyze with check_breaches:true. Full spec in GitHub README.

Your passworddeserves entropy.Not guesses.

Passphrase Analyser

Generate Passphrase

How HIBP k-Anonymity Works

Your password
deserves entropy.
Not guesses.