Free Security Tools — Password Generator, Hash & JWT Tools
Generate strong random passwords, compute MD5/SHA-256/SHA-512 hashes, decode JWT tokens, and create fake test data — all security-critical operations that run exclusively in your browser with zero server contact.
All Security Tools
Password Generator
Create strong, secure passwords with custom rules.
SecurityHash Generator
Generate MD5, SHA-1, SHA-256, and SHA-512 hashes.
SecurityJWT Generator
Generate signed JWT tokens with custom headers, payload, and secret.
SecurityText Encryptor / Decryptor
Encrypt and decrypt text with AES-256 using the Web Crypto API.
SecurityAbout Security Tools
Security tools need to be trustworthy by design, and the most trustworthy design is one where your data never leaves your device. Every tool in this security category processes your input entirely in your browser using the Web Crypto API and well-audited open-source libraries.
The Password Generator creates cryptographically random passwords of any length, with full control over which character sets to include: uppercase letters, lowercase letters, numbers, and symbols. A built-in strength indicator shows you how strong your generated password is in real time.
The Hash Generator computes MD5, SHA-1, SHA-256, and SHA-512 hashes for any text input or file. It also supports HMAC with a secret key. These tools are useful for verifying file integrity, storing password hashes in development, and comparing checksums.
The JWT Decoder parses any JSON Web Token and displays the decoded header, payload claims, and expiry time in a readable format. It works entirely offline — your token is never sent to a server, making it safe to use with real tokens from your staging and production environments.
All security tools are built to the principle of least privilege: they request no permissions, store nothing, and transmit nothing.
Frequently Asked Questions
Are generated passwords stored anywhere?
No. Passwords are generated using the browser's Web Crypto API and exist only in your current browser tab. They are never sent to any server or logged anywhere.
How random are the generated passwords?
Passwords are generated using `crypto.getRandomValues()`, a cryptographically secure random number generator built into every modern browser. This is the same standard used by password managers.
What hash algorithms are supported?
The Hash Generator supports MD5, SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512, as well as HMAC variants for all SHA algorithms.
Is it safe to paste a real JWT token into the JWT Decoder?
Yes. The JWT Decoder runs entirely in your browser and never sends your token to any server. It is safe to use with tokens from any environment, including production.
Can anyone else verify my hash output?
Hashes are deterministic — anyone who hashes the same input with the same algorithm will get the same output. This is by design and is how hash verification works.