Free Security & Crypto Tools
Encrypt, hash, generate, and validate — every cryptographic operation runs in your browser using the Web Crypto API. Your secrets never leave your device.
10 tools in this category · 100% free · No signup
All Security & Crypto
Bcrypt Hash Generator
Generate bcrypt password hashes (client-side).
HMAC Generator
Generate HMAC signatures with SHA-256, SHA-1, MD5.
AES Encryption
Encrypt and decrypt text with AES-256 in your browser.
2FA QR Code Generator
Generate TOTP/2FA QR codes for authenticator apps.
Password Strength Tester
Test password strength against entropy and dictionaries.
Caesar Cipher Encoder
Encode and decode Caesar cipher with custom shifts.
ROT13 Encoder
Encode and decode ROT13 text instantly.
Morse Code Translator
Translate text to and from Morse code.
Binary Translator
Translate text to and from binary code.
WordPress Salt Generator
Generate fresh WordPress auth keys and salts for wp-config.php.
Why client-side cryptography matters
Every cryptographic primitive on this page — AES-256 encryption, PBKDF2 password hashing, HMAC signatures, secure random generation — is implemented using the Web Crypto API built into every modern browser. That's an audited, hardware-accelerated implementation maintained by the same teams that ship Chrome, Firefox, and Safari. Running it client-side means: (1) we don't see your secrets, (2) you don't trust us with the implementation (you trust your browser), (3) there's no network latency, and (4) it works offline.
What's a 'safe' password in 2025?
NIST's current guidance: 12+ characters, no forced complexity rules, no periodic rotation, checked against breach databases. The Password Strength Tester on this page calculates entropy: log2 of the number of possible passwords for the character set and length used. 60+ bits is the minimum recommendation; 80+ bits is comfortable for sensitive accounts. The Password Generator produces 64-bit-entropy passwords by default. Pair with a password manager (Bitwarden, 1Password); humans shouldn't memorize more than one or two strong passwords.
WordPress security essentials
If you run WordPress, the Salt Generator is non-negotiable: the AUTH_KEY block in wp-config.php should be regenerated after any compromise, when removing a compromised admin, and ideally every 6-12 months. The 2FA QR Generator helps set up TOTP-based two-factor authentication using authenticator apps like Authy or Google Authenticator. The HMAC Generator validates webhook signatures from services like Stripe, GitHub, and most modern APIs — never trust a webhook without verifying its signature.
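
Webhook signature verification with the Web Crypto API, as an added example (not this site's own code). It assumes the GitHub-style `sha256=<hex>` signature value; the function names are hypothetical, and callers supply their own secret and raw request body.

```javascript
// Added example: verify a webhook HMAC-SHA256 signature with Web Crypto.
// Works in browsers and in Node (falls back to node:crypto's webcrypto).
const webcrypto = globalThis.crypto ??
  (typeof require === 'function' ? require('node:crypto').webcrypto : undefined);
const enc = new TextEncoder();

// Import the shared secret as a non-extractable HMAC-SHA256 key.
function importHmacKey(secret, usages) {
  return webcrypto.subtle.importKey(
    'raw', enc.encode(secret), { name: 'HMAC', hash: 'SHA-256' }, false, usages);
}

// Parse "sha256=<64 hex chars>" into bytes; return null on malformed input.
function parseSignatureHeader(header) {
  const m = /^sha256=([0-9a-f]{64})$/i.exec(header ?? '');
  if (!m) return null;
  return Uint8Array.from(m[1].match(/../g), (b) => parseInt(b, 16));
}

// Sender side (here only to build sample signatures): sign the raw body.
async function signBody(secret, rawBody) {
  const key = await importHmacKey(secret, ['sign']);
  const mac = new Uint8Array(
    await webcrypto.subtle.sign('HMAC', key, enc.encode(rawBody)));
  return 'sha256=' +
    Array.from(mac, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Receiver side: verify over the exact raw bytes received, before any JSON
// parsing or re-serialization. subtle.verify does the MAC comparison, so no
// hand-rolled string comparison of hex digests is needed.
async function verifyWebhook(secret, rawBody, header) {
  const sig = parseSignatureHeader(header);
  if (sig === null) return false; // missing or malformed header: reject
  const key = await importHmacKey(secret, ['verify']);
  return webcrypto.subtle.verify('HMAC', key, sig, enc.encode(rawBody));
}
```

Verification must run on the body exactly as received; a body that has been parsed and re-serialized can differ by whitespace or key order and will fail the check.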