Security tools — hashing, tokens, passwords, passphrases
Hashing, tokens, and password tools.
Security tools belong in a context where you can trust the runtime. Pasting a JWT into a random web app, hashing a sensitive string on a remote server, or generating a password or passphrase through a service that quietly logs the result — these are all ways to leak the very secret you are trying to handle.
Every security tool here runs entirely in your browser. The JWT decoder shows you the header and payload of any token without ever sending it anywhere — and it deliberately does not offer signature verification, because that would require pasting the signing secret into a web tool, which is exactly the move that turns a debugging session into an incident.
The hash generator uses the browser's built-in Web Crypto API for SHA-1, SHA-256, SHA-384, and SHA-512, with a tiny inline MD5 implementation for legacy interop. The password generator and the Diceware passphrase generator both use cryptographically-secure random sampling (`crypto.getRandomValues`, not `Math.random`) with rejection sampling to eliminate modulo bias. Diceware uses the official EFF short wordlist (1,296 words, ~10.34 bits per word) and shows honest entropy in bits so you can verify the math yourself. Strong defaults, no surprises, no telemetry.
4 tools in this category
- JWT DecoderDecode JSON Web Tokens (JWT) online. Inspect header, payload and signature — entirely client-side, your tokens never leave your browser.
- Hash GeneratorGenerate MD5, SHA-1, SHA-256 and SHA-512 hashes online. Free, fast and 100% client-side — your input never leaves the browser.
- PasswordGenerate strong, secure passwords online. Customize length and character sets — runs entirely in your browser, nothing is sent to a server.
- DicewareGenerate strong, memorable passphrases using the EFF short wordlist. Cryptographically random, shows entropy in bits. Runs in your browser.