$ crypto/tools
Free, Browser-Based Encryption & Security Utilities — Your Secrets Never Leave the Browser
› Password Generator
Generate strong, cryptographically random passwords of any length.
› Password Strength Checker
Estimate how long it would take to crack your password using zxcvbn.
› UUID Generator
Generate v1, v4, or v7 UUIDs for databases, distributed systems and APIs.
› Bcrypt Hash Generator
Hash and verify passwords using bcrypt, the standard for password storage.
› JWT Decoder
Decode and inspect the header and payload of any JSON Web Token.
› AES Encryption
Encrypt and decrypt text using AES with a passphrase, entirely in your browser.
## Why Use Crypto Tools Online?
Your Secrets Stay Local
Passwords, JWTs, and ciphertext are processed entirely in your browser. Nothing is sent to any server — these are exactly the values you cannot afford to leak.
Instant Results
UUIDs, password strength scores, and bcrypt hashes are computed locally with no network round-trip. Feel free to test passwords you actually use.
Completely Free
Every tool on this site is free to use with no account required, no credit system, and no rate limits beyond what your browser can compute.
Vetted Libraries
Built on widely audited open-source primitives: crypto.getRandomValues, zxcvbn (Dropbox), bcryptjs, crypto-js and jwt-decode (Auth0).
True Randomness
Password and UUID generation use the browser's cryptographic crypto.getRandomValues — the same primitive your browser uses for HTTPS.
Works on Any Device
Fully responsive and optimized for desktop, tablet, and mobile. Use any modern browser — no plugin, no installer, no signup.
## Sample Session
## Cipher Quick Reference
A field guide to the primitives you can run on this page. Pick the right tool for the job.
| # Algorithm | Key / Cost | Output | Use Case | Reversible |
|---|---|---|---|---|
AES-256-CBC |
256-bit key | Ciphertext | Confidential data, message encryption | yes |
bcrypt |
cost 4–14 | 60 chars | Password storage, login hashes | no |
SHA-256 |
— | 64 hex | File integrity, checksums | no |
MD5 |
— | 32 hex | Legacy fingerprints (NOT for security) | no |
UUID v4 |
122-bit random | 36 chars | Database keys, unique identifiers | n/a |
JWT (HS256) |
shared secret | 3 base64 parts | Stateless auth tokens | decode-only |
Base64 |
— | ≈ 4/3 input | Binary-safe transport (NOT encryption) | yes |
## Who Uses Crypto Tools Online?
Generate UUIDs for primary keys, mint bcrypt hashes for seed data, decode customer-support JWTs without sending them to a third-party.
Audit password strength, generate strong unique secrets for service-to-service auth, and inspect tokens during incident response.
Inspect bcrypt cost behavior, see real zxcvbn output, and watch ciphertext change on every AES encryption — great for learning by experimentation.
Generate passwords and assess strength without trusting any online "password meter" with your actual secrets.
## Frequently Asked Questions
Are these crypto tools really free?
Yes, completely free. There are no premium tiers, no credits to purchase, and no account required.
Are my passwords or tokens sent to a server?
No. Generation, hashing, decoding, and encryption all happen in your browser using JavaScript. Nothing is transmitted, and no value ever appears in a network request.
How random are the generated passwords and UUIDs?
True cryptographic randomness from crypto.getRandomValues — the browser primitive used for HTTPS key material. There is no PRNG seeding or weakness in the path.
Does the JWT Decoder verify signatures?
No — verification requires the issuer's public key, which is a server concern. This tool decodes header and payload so you can debug claims locally.
Is AES encryption here suitable for sensitive data?
It is suitable for casual obfuscation of short messages with a strong passphrase. For high-stakes data (legal, medical, regulatory) use vetted applications such as age or GPG with proper key management.
Can I use these tools on my phone or tablet?
Yes. All tools are fully responsive and work on any modern mobile browser.