Encryption, decryption, and hash generation tools
Generate MD5 and MD4 hash values for text or files with multiple output formats
Online SHA hash generator supporting SHA-1, SHA-256, SHA-384, SHA-512 algorithms
Securely encrypt and decrypt text using AES algorithm
Original AES algorithm with flexible block sizes (128/192/256 bits). Supports CBC, ECB, CFB, OFB modes
Decode, verify, and generate JSON Web Tokens with support for multiple signing algorithms
Generate HMAC authentication codes with MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA3, and RIPEMD-160 algorithms
Use RSA asymmetric encryption for public key encryption, private key decryption, digital signing and verification
Generate Ed25519 key pairs, sign messages, and verify signatures using the Edwards-curve Digital Signature Algorithm
Generate ECDSA key pairs, sign messages, and verify signatures with secp256k1, P-256, P-384, P-521 curves
Generate DSA key pairs, sign and verify messages using FIPS 186 Digital Signature Algorithm (legacy, verification only approved in FIPS 186-5)
Encrypt and decrypt using DES and 3DES algorithms with multiple modes and padding options
Fast symmetric block cipher with variable key length (32-448 bits), designed by Bruce Schneier
AES finalist symmetric cipher with 128-bit blocks and 128/192/256-bit keys, designed by Bruce Schneier
Symmetric block cipher with variable key length (40-128 bits), widely used in PGP encryption, RFC 2144 compliant
AES finalist block cipher with 128/192/256-bit keys, 32 rounds, offering excellent security margin and proven resistance to cryptanalysis
Australian AES candidate block cipher with 128-bit blocks and 128/192/256-bit keys, 16-round Feistel network design
International Data Encryption Algorithm with 128-bit key and 64-bit blocks, historically used in PGP
Tiny Encryption Algorithm family with 128-bit key, popular in game development, IoT devices, and embedded systems
RC family stream and block ciphers including RC4, RC4-Drop, RC5, and RC6 (AES finalist) with multiple modes
Modern stream cipher with ChaCha20, ChaCha20-Poly1305 AEAD, and XChaCha20 variants for secure encryption
High-speed stream cipher with Salsa20, Salsa20/12, Salsa20/8, and XSalsa20 variants for secure encryption
Japanese/European standard block cipher (ISO/IEC 18033-3) with 128/192/256-bit keys and multiple modes
Korean national standard block cipher (RFC 4269, ISO 18033-3) with 128-bit key and CBC mode
GOST 28147-89/Magma Russian block cipher with multiple modes, S-Box options, and various padding methods
Generate BLAKE2b, BLAKE2s, and BLAKE3 hashes for text and files, fast and secure hashing algorithms
Generate and verify secure password hashes using Bcrypt, Scrypt, and Argon2 algorithms
Derive secure encryption keys from passwords using PBKDF2 with SHA-256/384/512, OWASP compliant iterations
Derive cryptographic keys using RFC 5869 HKDF extract-expand paradigm, used in TLS 1.3 and Signal Protocol
Calculate CRC-8, CRC-16, CRC-32, CRC-64 checksums with support for Modbus, CCITT and other protocol standards
Calculate Adler-32 checksums for text and files, fast checksum used in zlib/gzip compression
Generate RIPEMD-128/160/256/320 hashes for text and files, RIPEMD-160 widely used in Bitcoin
Generate 512-bit Whirlpool hashes using Whirlpool-0, Whirlpool-T, and Whirlpool ISO standard algorithms
Generate Snefru-128/256 hashes for text and files, early cryptographic hash function by Ralph Merkle
Generate HAS-160 hashes, Korean cryptographic standard for KCDSA digital signatures
Extremely fast non-cryptographic hash supporting xxHash32, xxHash64, xxHash3, and xxHash128
Generate SHA3-224/256/384/512 and Keccak hashes with WebAssembly acceleration, used in Ethereum
High-performance non-cryptographic hash function for hash tables, Bloom filters, and data partitioning
Fowler-Noll-Vo hash function with FNV-1 and FNV-1a variants, used in DNS, hash tables and data structures
Generate GOST R 34.11-94 and Streebog (GOST R 34.11-2012) hashes, Russian national cryptographic standards
Chinese national standard cryptography tools supporting SM2 public key cipher, SM3 hash, and SM4 block cipher
Cryptography is the practice of using mathematical algorithms to secure data against unauthorized access and manipulation. This category covers essential cryptographic operations including symmetric encryption (AES, DES, Blowfish, Twofish), asymmetric encryption (RSA), hashing algorithms (MD5, SHA, BLAKE), HMAC for authentication, and JWT for secure token generation. These tools are fundamental to protecting sensitive information in applications, APIs, databases, and data transmission. Modern cryptography provides confidentiality through encryption, integrity through hashing, and authenticity through digital signatures. Understanding when and how to use each cryptographic algorithm is critical for building secure systems. This guide covers algorithm selection, key management best practices, security considerations, and common pitfalls to avoid.
Advanced Encryption Standard (AES) is the industry standard for symmetric encryption, used by government agencies and enterprises worldwide. It supports 128, 192, and 256-bit key sizes, with AES-256 providing quantum-resistant security for highly sensitive data.
RSA is a public-key cryptosystem enabling secure communication without prior key exchange. Essential for HTTPS, digital signatures, and asymmetric encryption scenarios where parties haven't met before.
SHA (Secure Hash Algorithm) family provides cryptographic hash functions for data integrity verification, password storage, and digital signatures. SHA-256 and SHA-3 are recommended for new applications.
| Algorithm Type | Description & Use Cases |
|---|---|
| Symmetric Encryption (AES, DES, Blowfish) | Uses single shared key for both encryption and decryption. Fast and efficient for large data volumes. Examples: AES-256, DES (deprecated), Blowfish. Best for: Database encryption, file encryption, local data protection. Drawback: Key distribution challenge. |
| Asymmetric Encryption (RSA) | Uses public key to encrypt and private key to decrypt. Enables secure communication without key pre-sharing. Best for: HTTPS, digital signatures, key exchange. Drawback: Slower than symmetric encryption, suitable for small data. |
| Hashing (MD5, SHA, BLAKE) | One-way function producing fixed-size fingerprint of data. Cannot be reversed to original data. Used for integrity verification and password storage. Examples: SHA-256, SHA-3, BLAKE2. Avoid: MD5 (collision vulnerabilities). |
| HMAC (Hash-based Message Authentication Code) | Combines hashing with a secret key to verify both integrity and authenticity. Essential for API authentication and message verification. Supports any hash algorithm (HMAC-SHA256, HMAC-SHA512). |
| JWT (JSON Web Tokens) | Compact, URL-safe token format for stateless authentication and information exchange. Contains header, payload, and signature. Use RS256/ES256 for asymmetric signing, HS256 only for trusted parties. |
| SM Cryptography (Chinese Standard) | Chinese national cryptographic standards including SM2 (asymmetric), SM3 (hashing), SM4 (symmetric). Used in China-compliant systems. SM2 provides similar security to RSA-2048 with 256-bit keys. |
Use AES-256 for symmetric encryption, RSA-2048+ or ECC for asymmetric encryption, SHA-256+ or SHA-3 for hashing. Avoid deprecated algorithms: MD5 (collisions), SHA-1 (weaknesses), DES (56-bit keys), RC4. Check NIST recommendations for compliance requirements.
Generate keys using cryptographically secure random generators. Store keys securely (hardware security modules, key vaults, never hardcode). Rotate keys regularly (annually recommended). Use different keys for different purposes. Never log or expose keys in error messages.
For sensitive data, use AES-GCM (Galois/Counter Mode) providing both encryption and authentication. Never use ECB mode (encrypts identical plaintext blocks identically). Avoid unauthenticated encryption followed by separate HMAC (use AEAD modes instead).
Never store plaintext passwords. Use bcrypt, scrypt, or Argon2 for password hashing (not simple SHA). Add unique salt per password. Use work factors preventing brute-force attacks. Implement account lockout after failed attempts.
Use cryptographically secure RNGs (java.security.SecureRandom, /dev/urandom on Unix, CryptGenRandom on Windows). Seed RNGs properly. Avoid Math.random() and predictable seeds. Generate sufficient entropy for key sizes.
Always verify JWT signature before accepting tokens. Check expiration timestamps. Validate issuer (iss) and audience (aud) claims. Use short expiration times (15-60 minutes). Implement refresh token mechanism. Never trust 'alg: none' tokens.