Your password is generated on your computer and not through the server. Feel free to examine the Javascript code which is not obfuscated and is easy to read.
Unlike passwordsgenerator.net, this generator is cryptographically secure. It uses window.crypto, window.msCrypto, and only Math.random for Opera. In addition, the entire set of characters is first randomly arranged server-side using a cryptographically secure method. That way even if there were a fatal flaw discovered in window.crypto, your generated password would still be secure.
This is how it works, the complete set of characters is as follows:
{ abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !#$%&*+-=?@^_{}[]()/`~,;:.<>\'"| }
The character set is randomly ordered server-side, for example might look like this:
{ )O(XRP1E>-+~oeBU7N][Ar*=?Ffq"DjMp0<x5!.CWu`dc34Yta\h,G};&9VsSbKyzL/{#|w6TZig8 v_QI^k'2mJ%lHn@:$ }
The server-shuffled character set is then shuffled again on pageload in javescript.
The way the password function works is that it starts with the above set of 95 typable characters. It excludes characters based on user preference, for example Space. It then generates a random number between 0 and 255. If the number is too high it's discarded and generated again. Then the letter corresponding to that number is selected, and process is repeated until the password has been built. Once this is done the password is checked for requirements, if it fails to meet the specified requirements (eg have at least one character of each type) the password is discarded and a new one generated.
Every random function used works from random bytes (8 bits). This is important because selecting a smaller range can cause bias in the number generation, and is best practise when generating random numbers. In plain English this means generating a number 0-255 and then discarding the number if it is above your highest value and re-generating another number. As there are a maximum of 95 characters the modulus can also be used, but it still means discarding any number above 189 for the full character set because otherwise you have a bias towards generating numbers 0-66. Again, passwordsgenerator.net fails to do this, their function simply asks the system using the Math.random function to generate it within the range they want - do not use passwordsgenerator.net to generate secure passwords!
The generators I found online either relied on Math.random(), or did not provide the "full set" of symbol characters, or worse both. This generator can use all "typable" characters except for some keys on the UK/European keyboard that are technically extended characters. These include the pound sterling "£", the Euro "€", the negation sign "¬", the "¦" and some vowel variations. It is possible to include them, but they can cause database errors and render your accounts unusable, therefore I have chosen not to include the option of using them. You can always add a character yourself after generating a password if you're sure it's safe to do so.
This page is in development, but should work correctly and be safe for use. Any problems or feedback can be directed to me: aractus@msn.com
Use a password manager! Keepass