Geslar logo
Geslar

How the Generator Works

CSPRNG, 4 dictionaries and entropy explained.

Cryptographically secure generator

The Geslar generator uses CSPRNG (Cryptographically Secure Pseudo-Random Number Generator) from the Web Crypto API — the same mechanism used by banks and military systems for key generation. Every generated character is truly random.

4 Croatian dictionaries, 5,700+ words
Standard Croatian words
The most commonly used Croatian nouns, verbs and adjectives — understandable to everyone.
Kajkavian dialect
Words from the Kajkavian dialect — for users who want a local touch.
Čakavian dialect
Words from the Čakavian dialect — unique and rare, even harder to guess.
Metaphors and idioms
1,500+ Croatian metaphors and fixed expressions — more memorable than individual words.

For English: EFF Diceware dictionary (7,776 words) + English idioms. Switch between HR/EN with one click.

Entropy — measuring security

Entropy measures how unpredictable a password is. More bits = more secure. Here's a comparison:

John2024!
~28 bits of entropy. An attacker can guess this in seconds.
xK7$mP2q#R9!
~72 bits of entropy. Very strong but difficult to remember.
meadow-cloud-chocolate-chestnut
~52 bits of entropy with the Croatian dictionary. Easier to remember, and with 5 words it increases to ~65 bits.
For a master password, we recommend 4-6 words from the Croatian dictionary. That's about 52-78 bits of entropy — well above the security threshold for personal use.
How the password generator works
  1. CSPRNG generates a series of random bytes (Web Crypto API: crypto.getRandomValues()).
  2. Bytes are mapped to the selected character set (lowercase, uppercase, numbers, symbols).
  3. The "avoid similar characters" option filters out l, I, 1, O, 0 — useful when the password needs to be typed manually.
  4. The generated password is checked against the Have I Been Pwned database (k-Anonymity).
How the passphrase generator works
  1. CSPRNG generates a random index for each word.
  2. The index is used to select a word from the chosen dictionary.
  3. Words are joined with the chosen separator (hyphen, dot, space, none).
  4. An option to add a number and/or capital letter boosts entropy.
Related articles
What is a passphrase Password & passphrase generator (guide) How encryption works