Crypto Tools
Hash generators (MD5, SHA-256), secure password generator, UUID, nanoid — cryptographic utilities that run entirely in your browser.
6 tools in this category
JWT Encoder
Sign and encode JSON Web Tokens — HS256, HS384, HS512.
MD5 Hash Generator
Compute MD5 digests and HMAC-MD5 in your browser — pure JavaScript, no upload.
NanoID Generator
Generate URL-safe unique IDs with configurable length and alphabet.
Password Generator
Strong, random passwords and passphrases with entropy.
SHA-256 Hash
Compute SHA-256, SHA-1, SHA-384, SHA-512 hashes in your browser — privately.
UUID Generator
Generate UUID v1, v4, v7 — bulk and validated.
Crypto tools need to be trusted. Every hash, password, and ID generated here is computed using the browser's Web Crypto API or a battle-tested algorithm implemented in this codebase (MD5, which is not in Web Crypto because it is insecure). We do not call external services; your input never crosses a network boundary. Open the Network tab in your DevTools to verify.
Choosing a hash function
MD5 is broken for security but still useful for non-adversarial fingerprinting (cache keys, file de-duplication). SHA-256 is the modern baseline — use it for anything remotely security-sensitive. For password storage specifically, you want bcrypt/argon2 with per-user salts, which a browser tool cannot provide safely; use a dedicated library server-side.
Password generator done right
Our Password Generator uses crypto.getRandomValues, the same CSPRNG browsers use for HTTPS key generation. It does not use Math.random, which is predictable and unsuitable for security. You can choose length, character sets (lower, upper, digits, symbols), and enforce at-least-one-of-each. The entropy estimate shown is conservative (log2 of the total alphabet size per position).
UUID vs NanoID
UUID v4 is 128 bits of randomness in a fixed 36-character format. UUID v7 adds a timestamp prefix so IDs sort lexicographically by creation time — great for database primary keys. NanoID is a compact 21-character URL-safe ID with equivalent collision resistance (~149 billion IDs needed for 1% chance of collision). Pick NanoID when URL length matters (short links, form IDs). Pick UUID v7 when time-ordering matters.
Frequently asked questions
Can I use these passwords for real accounts?
Yes. The Password Generator uses `crypto.getRandomValues`, which is a cryptographically-secure RNG. It does not use `Math.random`. The passwords never leave your browser, so you can safely copy them into a password manager.
Why is MD5 still here if it's broken?
MD5 is broken against collision attacks (someone can craft two inputs with the same hash). For non-adversarial fingerprinting — cache keys, ETag generation, file dedup — it's still useful and much faster than SHA-256. We mark it clearly as non-secure in the tool.
Do you salt hashes?
No — these tools compute the raw hash of the input. For password storage you need a salted KDF like bcrypt or argon2, which is server-side work.
Are UUIDs truly unique?
UUID v4 has 122 bits of randomness. You'd need to generate ~2.7 quintillion UUIDs before a 50% collision chance. For practical purposes, yes — they're unique.