Security Tools

Client-side security utilities for hashes, tokens, and passwords. Avoid pasting secrets you can’t risk exposing.

Tools in this category

Bcrypt Generator

Generate bcrypt hashes with configurable cost factor (work factor).

Hash Generator

Hash text using SHA algorithms (SHA-1/SHA-256/SHA-384/SHA-512) with hex/base64 output.

HMAC Generator

Compute HMAC signatures (SHA-256/SHA-512) with hex/base64 output.

JWT Decoder

Decode JWT header and payload (base64url) and view common claims like exp/iat/nbf.

Password Generator

Generate strong passwords using cryptographic randomness with custom rules.

Password Strength Checker

Estimate password strength and provide practical improvement tips (client-side).

Guide: passwords, hashes, and tokens

Understand the difference between hashing and encryption, when to use HMAC, why bcrypt is preferred for passwords, and how to interpret JWT claims safely.

Read the security tools guide

What each tool is for

Password generator: create long, random passwords (best stored in a password manager).
Strength checker: sanity-check weak patterns and see how length improves security.
Hash generator: create one-way fingerprints (integrity checks, identifiers).
HMAC generator: sign a message with a shared secret to detect tampering.
Bcrypt generator: hash passwords for storage (slow on purpose).
JWT decoder: inspect token claims; verification requires server-side checks.

Safe usage checklist

Avoid pasting production secrets unless you’re on HTTPS and in a trusted environment.
Prefer modern algorithms (SHA‑256/512; bcrypt for password storage).
Remember: decoding a JWT is not the same as trusting it.

For sourcing and corrections standards, see the Editorial & Accuracy Policy.

Security note

These tools are for convenience and education. For production systems, follow your organization’s security standards and threat model.