SHA-256 Generator
Strong cryptographic hash for integrity checks, fingerprints, and modern verification workflows.
Tool hub11 tools
Security & Hash Tools
Browser-based cryptographic and security utilities: SHA-256/512/1, MD5, HMAC, bcrypt, JWT decoding, JavaScript obfuscation, SSL inspection, and SQL injection probing. Every hash is computed locally — your input never leaves the page.
SHA-512 Generator
Even stronger 512-bit hash for high-security signing and forensic workflows.
SHA-1 Generator
Legacy hash for compatibility with older systems (not for new cryptographic use).
MD5 Generator
Fast non-cryptographic hash for checksums, cache keys, and file deduplication.
HMAC Generator
Keyed-hash MAC for API signatures, webhook validation, and message authentication.
Bcrypt Generator
Adaptive password hash with built-in salt. The standard for storing user passwords.
CRC32 Generator
Error-detection checksum for file integrity, ZIP/PNG metadata, and network packets.
JWT Decoder & Encoder
Decode JWT header and payload, validate signatures, encode new tokens with HS256/HS384/HS512.
JavaScript Obfuscator
Protect client-side code from casual reverse-engineering with control-flow flattening.
SSL Checker
Validate certificate chain, expiry, issuer, and SAN coverage for any HTTPS endpoint.
SQL Injection Tester
Probe a form or endpoint for common SQL injection vectors before shipping to production.
Pick the right hash for the job
The biggest source of security bugs in this category is using the wrong hash for the wrong job. Quick reference:
- Password storage: Bcrypt, scrypt, or Argon2 — never plain SHA. The whole point is that hashing must be slow.
- API request signing / webhook validation: HMAC-SHA256 with a shared secret. Provides both integrity and authenticity.
- File integrity / data fingerprinting: SHA-256. Fast enough for everyday use, no known collisions.
- High-security signing (root CA, blockchain): SHA-512 or stronger. Extra bits for forward-compatibility against future weaknesses.
- Cache keys, file dedup, non-security checksums: MD5 or CRC32. Fast, small, never use for security.
- Legacy compatibility (Git commits, older systems): SHA-1. Known weakened but still widely supported for non-adversarial use.
JWT inspection and debugging
The JWT Decoder & Encoder is the most commonly-used security tool for backend developers — JWTs are everywhere (auth tokens, short-lived API sessions, stateless service-to-service auth) and they look like opaque strings until decoded. The tool splits the token into header, payload, and signature, lets you validate against a shared secret, and lets you re-encode with new claims for testing.
Browser-only processing model
Every hash on this hub uses the Web Crypto API (SHA family, HMAC) or equivalent pure-JS implementation (bcrypt, MD5, CRC32). Nothing is uploaded to a server. Closing the tab discards your input. This is the only acceptable processing model for sensitive material like passwords, tokens, or proprietary content.
The trade-off is performance ceiling: hashing 100GB of files is faster with a CLI tool like shasum or openssl. For everyday strings, snippets, and individual files, the browser is faster end-to-end because there is no install step.
Related hubs
- Encoder/Decoder Tools — Base64, URL, HTML entities, hex, and binary encoding for adjacent workflows.
- DNS & Domain Tools — SSL Checker, WHOIS, domain age, DNS lookups for security audits.
- Developer Tools Hub — HTML, CSS, JS, TS, regex, Markdown utilities.