Unicode Password Generator & File Protector
UNIGEN
Cross-platform Python 3 desktop app for generating cryptographically strong, high-entropy Unicode passwords and protecting sensitive files with authenticated AES-256-GCM encryption.
Python 3
Tkinter GUI
400+ Unicode Chars
AES-256-GCM
PBKDF2 600K
Secure Shred
Clipboard Exclusion
Overview
UNIGEN is a single-file Python 3 desktop application that combines a high-entropy Unicode password generator with a file encryption/decryption toolkit. No install step beyond pip install cryptography — runs identically on Windows, Linux, and macOS.
Everything happens in two tabs: Password Generator for creating up to 10,000 cryptographically secure passwords from a 400+ character Unicode pool, and File Protector for AES-256-GCM authenticated encryption with PBKDF2-HMAC-SHA256 key derivation at 600,000 iterations. Includes platform-native clipboard exclusion, auto-clear timers, and multi-pass secure file shredding with no external tool dependencies.
Password Generator
∞
400+ Unicode character pool
Seven distinct sets: Latin Standard & Extended, Cyrillic, CJK & Kana, Greek, Math/Symbols & Currency, Dingbats & Misc — plus a live "Source Code" set built from every unique character in the script itself.
1–10k
Batch generation
Generate 1 to 10,000 passwords at once, 8–128 characters each. Uses Python's secrets module for cryptographically secure random selection.
📊
Live entropy feedback
Pool size, Shannon entropy (bits), and strength rating update in real time as you toggle character sets and adjust length.
🔐
Encrypt & Shred
Save your password list, encrypt it with a passphrase, verify the round-trip, then securely shred the plaintext — all in one click.
📋
Clipboard security
Platform-native clipboard exclusion prevents password-history tools from capturing copied passwords. Auto-clear timer with 5–300s delay.
File Protector
🔒
AES-256-GCM authenticated encryption
Confidentiality + integrity via the cryptography library's AEAD primitive. Tampered ciphertext fails decryption rather than returning corrupted data.
🔑
PBKDF2-HMAC-SHA256 @ 600K iterations
Unique 16-byte salt and 12-byte nonce per file. Same passphrase never produces the same key twice. Output is portable Base64-encoded .enc.
🧹
Pure Python secure shredding
3 random-data passes + 1 zero pass, fsync'd between each, followed by deletion. No dependency on Unix shred binary. Reports secure vs fallback status.
📁
General file encryption
Encrypt or decrypt any file — not just password lists. Optional "verify then shred" checkbox for one-click secure archival.
🌗
Dark / Light theme
Instant theme toggle in the header. Full UI re-theming including scrollbars and progress bars.
Clipboard Security Matrix
UNIGEN implements platform-native clipboard exclusion to prevent passwords from being stored by clipboard-history tools. Coverage degrades gracefully where native APIs are unavailable.
| Platform | Mechanism | Coverage |
| Windows | Registers ExcludeClipboardContentFromMonitorProcessing, CanIncludeInClipboardHistory, and CanUploadToCloudClipboard via Win32 API (ctypes) | Windows Clipboard History, Cloud Clipboard, and managers following the 1Password/Bitwarden/KeePass convention |
| macOS | Tags pasteboard with org.nspasteboard.ConcealedType, org.nspasteboard.TransientType, and org.nspasteboard.AutoGeneratedType via JXA/osascript | Paste, Maccy, Copied, Flycut, and other nspasteboard.org-compliant managers |
| Linux opt-in | Offers x-kde-passwordManagerHint MIME type alongside UTF8_STRING via xclip | KDE Klipper and tools mirroring its convention (e.g., KeePassXC, Bitwarden on Linux) |
Note: This is best-effort protection. GNOME clipboard extensions, generic Wayland history tools, and non-compliant managers may still capture copied content. The status bar indicates whether exclusion succeeded or fell back to a normal copy.
Installation
Python 3.8+ with Tkinter. Single script — no complex setup.
# Debian / Ubuntu
sudo apt install python3-tk
pip install cryptography
# Fedora
sudo dnf install python3-tkinter
pip install cryptography
# macOS / Windows — Tkinter bundled with Python installer
pip install cryptography
# Download and run
wget https://github.com/A113L/unigen/raw/refs/heads/main/unigen
chmod +x unigen
./unigen
Optional (Linux only):
xclip — full clipboard-manager exclusion when copying passwords. xsel or wl-copy work as plain-copy fallbacks but don't support the exclusion hint.
Character Sets
Latin (Standard) — a-z A-Z 0-9 !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
Latin (Extended) — ąćęłńóśźż äöüß èéêë īįì ôöòó œøãåáàâæçñ
Cyrillic — абвгдеёжзийклмнопрстуфхцчшщъыьэюя
Asian (CJK + Kana) — 漢字日本語中文 あいうえお アイウエオ
Greek — ΑΒΓΔΕΖΗΘΙΚΛΜΝΞΟΠΡΣΤΥΦΧΨΩ αβγδελμνξοπρςστυφχψω
Math/Symbols — ∞±≠∑∏√∫∂∆πµΩ≈≡≤≥∇ ¢£¥€₩₪₹₽฿₫₴₦₲
Dingbats & Misc — ★☆☀☁☂☃☄☠☢☣♠♣♥♦♪♫✔✖✳❄‼
All sets are combined into one deduplicated pool. Toggle individual sets to control entropy and character composition. The "Source Code" set is built live from every unique character in the script itself.
Security Architecture
Encryption
A
AES-256-GCM
Authenticated encryption — confidentiality plus integrity verification. Tampered ciphertext is rejected.
K
PBKDF2-HMAC-SHA256
600,000 iterations with a random 16-byte salt per file. Keys are never reused across encryptions.
N
12-byte nonce
Fresh nonce per encryption operation prevents IV reuse attacks.
Shredding
1
Pass 1–3: Random data
Three passes of cryptographically secure random bytes overwrite the file contents.
2
Pass 4: Zero fill
Final pass overwrites with zeros. fsync called between every pass to flush to disk.
3
Delete & report
File is unlinked. Status indicates "secure" if overwrite was verified, "fallback" if only deletion could be confirmed.
SSD / CoW caveat: On SSDs, copy-on-write filesystems (Btrfs, ZFS, APFS), or filesystems with snapshots/journaling, overwritten data can persist elsewhere on the device. Treat shredding as strong best-effort — use full-disk encryption (BitLocker, FileVault, LUKS) as your baseline.
Password Generator Workflow
Step 1
Configure parameters
Set length (8–128) and count (1–10,000) with sliders or spinboxes. Toggle character sets — entropy updates live.
Step 2
Generate passwords
Click Generate Passwords. Review the list. For batches >25, a summary view appears with download option.
Step 3
Copy, save, or encrypt
Copy All with clipboard-manager exclusion. Save to File as plaintext. Encrypt & Shred for one-click secure archival.
Step 4
Clear clipboard
Click Clear Clipboard or enable Auto-clear (5–300s) to wipe the system clipboard when done.
File Protector Workflow
Encrypt
Browse to any file, enter passphrase (min 8 chars)
Optionally check "verify, then securely shred the original after encryption". Output is Base64 .enc.
Decrypt
Browse to .enc file, enter passphrase
Click Decrypt & Save to restore original bytes to a location you choose.
Shred
Manual secure destruction
Browse to any file and permanently destroy it with the same multi-pass overwrite, independent of encryption.