Encryption, decryption, and hash generation tools
Generate MD5 and MD4 hash values for text or files with multiple output formats
Online SHA hash generator supporting SHA-1, SHA-256, SHA-384, SHA-512 algorithms
Securely encrypt and decrypt text using AES algorithm
Decode, verify, and generate JSON Web Tokens with support for multiple signing algorithms
Generate HMAC authentication codes with MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA3, and RIPEMD-160 algorithms
Use RSA asymmetric encryption for public key encryption, private key decryption, digital signing and verification
Encrypt and decrypt using DES and 3DES algorithms with multiple modes and padding options
Fast symmetric block cipher with variable key length (32-448 bits), designed by Bruce Schneier
AES finalist symmetric cipher with 128-bit blocks and 128/192/256-bit keys, designed by Bruce Schneier
Generate BLAKE2b, BLAKE2s, and BLAKE3 hashes for text and files, fast and secure hashing algorithms
Generate and verify secure password hashes using Bcrypt, Scrypt, and Argon2 algorithms
Calculate CRC-8, CRC-16, CRC-32, CRC-64 checksums with support for Modbus, CCITT and other protocol standards
Calculate Adler-32 checksums for text and files, fast checksum used in zlib/gzip compression
Generate RIPEMD-128/160/256/320 hashes for text and files, RIPEMD-160 widely used in Bitcoin
Generate 512-bit Whirlpool hashes using Whirlpool-0, Whirlpool-T, and Whirlpool ISO standard algorithms
Generate Snefru-128/256 hashes for text and files, early cryptographic hash function by Ralph Merkle
Generate HAS-160 hashes, Korean cryptographic standard for KCDSA digital signatures
Extremely fast non-cryptographic hash supporting xxHash32, xxHash64, xxHash3, and xxHash128
Generate SHA3-224/256/384/512 and Keccak hashes with WebAssembly acceleration, used in Ethereum
High-performance non-cryptographic hash function for hash tables, Bloom filters, and data partitioning
Fowler-Noll-Vo hash function with FNV-1 and FNV-1a variants, used in DNS, hash tables and data structures
Generate GOST R 34.11-94 and Streebog (GOST R 34.11-2012) hashes, Russian national cryptographic standards
Chinese national standard cryptography tools supporting SM2 public key cipher, SM3 hash, and SM4 block cipher
Cryptography is the practice of using mathematical algorithms to secure data against unauthorized access and manipulation. This category covers essential cryptographic operations including symmetric encryption (AES, DES, Blowfish, Twofish), asymmetric encryption (RSA), hashing algorithms (MD5, SHA, BLAKE), HMAC for authentication, and JWT for secure token generation. These tools are fundamental to protecting sensitive information in applications, APIs, databases, and data transmission. Modern cryptography provides confidentiality through encryption, integrity through hashing, and authenticity through digital signatures. Understanding when and how to use each cryptographic algorithm is critical for building secure systems. This guide covers algorithm selection, key management best practices, security considerations, and common pitfalls to avoid.
Advanced Encryption Standard (AES) is the industry standard for symmetric encryption, used by government agencies and enterprises worldwide. It supports 128, 192, and 256-bit key sizes, with AES-256 providing quantum-resistant security for highly sensitive data.
RSA is a public-key cryptosystem enabling secure communication without prior key exchange. Essential for HTTPS, digital signatures, and asymmetric encryption scenarios where parties haven't met before.
SHA (Secure Hash Algorithm) family provides cryptographic hash functions for data integrity verification, password storage, and digital signatures. SHA-256 and SHA-3 are recommended for new applications.
| Algorithm Type | Description & Use Cases |
|---|---|
| Symmetric Encryption (AES, DES, Blowfish) | Uses single shared key for both encryption and decryption. Fast and efficient for large data volumes. Examples: AES-256, DES (deprecated), Blowfish. Best for: Database encryption, file encryption, local data protection. Drawback: Key distribution challenge. |
| Asymmetric Encryption (RSA) | Uses public key to encrypt and private key to decrypt. Enables secure communication without key pre-sharing. Best for: HTTPS, digital signatures, key exchange. Drawback: Slower than symmetric encryption, suitable for small data. |
| Hashing (MD5, SHA, BLAKE) | One-way function producing fixed-size fingerprint of data. Cannot be reversed to original data. Used for integrity verification and password storage. Examples: SHA-256, SHA-3, BLAKE2. Avoid: MD5 (collision vulnerabilities). |
| HMAC (Hash-based Message Authentication Code) | Combines hashing with a secret key to verify both integrity and authenticity. Essential for API authentication and message verification. Supports any hash algorithm (HMAC-SHA256, HMAC-SHA512). |
| JWT (JSON Web Tokens) | Compact, URL-safe token format for stateless authentication and information exchange. Contains header, payload, and signature. Use RS256/ES256 for asymmetric signing, HS256 only for trusted parties. |
| SM Cryptography (Chinese Standard) | Chinese national cryptographic standards including SM2 (asymmetric), SM3 (hashing), SM4 (symmetric). Used in China-compliant systems. SM2 provides similar security to RSA-2048 with 256-bit keys. |
Use AES-256 for symmetric encryption, RSA-2048+ or ECC for asymmetric encryption, SHA-256+ or SHA-3 for hashing. Avoid deprecated algorithms: MD5 (collisions), SHA-1 (weaknesses), DES (56-bit keys), RC4. Check NIST recommendations for compliance requirements.
Generate keys using cryptographically secure random generators. Store keys securely (hardware security modules, key vaults, never hardcode). Rotate keys regularly (annually recommended). Use different keys for different purposes. Never log or expose keys in error messages.
For sensitive data, use AES-GCM (Galois/Counter Mode) providing both encryption and authentication. Never use ECB mode (encrypts identical plaintext blocks identically). Avoid unauthenticated encryption followed by separate HMAC (use AEAD modes instead).
Never store plaintext passwords. Use bcrypt, scrypt, or Argon2 for password hashing (not simple SHA). Add unique salt per password. Use work factors preventing brute-force attacks. Implement account lockout after failed attempts.
Use cryptographically secure RNGs (java.security.SecureRandom, /dev/urandom on Unix, CryptGenRandom on Windows). Seed RNGs properly. Avoid Math.random() and predictable seeds. Generate sufficient entropy for key sizes.
Always verify JWT signature before accepting tokens. Check expiration timestamps. Validate issuer (iss) and audience (aud) claims. Use short expiration times (15-60 minutes). Implement refresh token mechanism. Never trust 'alg: none' tokens.
Check: (1) Using same IV for decryption as encryption, (2) Key is identical, (3) Padding mode matches (PKCS5, PKCS7), (4) Data wasn't corrupted during transmission. For authenticated encryption (GCM), authentication tag must also be identical.
For symmetric encryption: AES-256 is sufficient for most applications. For asymmetric: RSA-2048 minimum (RSA-4096 for highly sensitive), ECC-256 equivalent to RSA-2048. For hashing: SHA-256+ is secure (MD5/SHA-1 deprecated). Check NIST SP 800-57 recommendations.
Encryption is reversible (requires key): AES, RSA. Hashing is one-way (cannot reverse): SHA-256, MD5. Use encryption for confidential data, hashing for integrity verification and password storage.
No, use separate keys. Different key derivation functions should generate different keys from a master key. HMAC with encryption key reduces security margin. Use KDF (Key Derivation Function) to derive separate keys if needed.