Skip to main content


Password Strength Testing Tool -

Password Generators


Min 8, max 64. See

Don't use MD5 and SHA-1 for passwords

Use other hash functions that require more compute power (ie which are slower).

Password salt

Even if 2 users use the same password, since the salt is different, the resulting hash will be different. This means that to get the password from the hash we need to generate a rainbow table for each salt.

Salts must be:

  • long enough to make impractical to brute force or generate rainbow tables
  • truly random

See 'Salts Will Not Help You':

How to securely hash passwords? -


Does bcrypt have a maximum password length? -

Password max length with bcrypt, blowfish -