PBKDF2 Key Derivation Demo - Online Password‑Based Key
Derive a strong cryptographic key from a password using PBKDF2 with SHA‑256. Adjust iterations and salt. Educational and test tool.
UD5 Toolkit
Modern, memory-hard password hashing — winner of the Password Hashing Competition
64 MB (65,536 KB). Use 128 MB or more for high-security applications.3. Use 5-10 for enhanced security.4).32 bytes (256 bits) is standard and sufficient.Argon2id.$argon2id$v=19$m=65536,t=3,p=4$salt$hash) contains all parameters needed for verification. Most Argon2 libraries provide a verify() function:argon2 npm package — argon2.verify(encodedHash, password)argon2-cffi — PasswordHasher().verify(encodedHash, password)password_verify($password, $encodedHash) (PHP 7.2+)golang.org/x/crypto/argon2$argon2id$v=19$m=65536,t=3,p=4$<base64-salt>$<base64-hash>$argon2id$ — variant identifier (i, d, or id)v=19 — Argon2 version (0x13 = 19 = version 1.3)m=65536 — memory cost in KBt=3 — time cost (iterations)p=4 — parallelism (lanes)$<salt>$<hash> — Base64-encoded salt and hash (without = padding)Derive a strong cryptographic key from a password using PBKDF2 with SHA‑256. Adjust iterations and salt. Educational and test tool.
Check if a password appears in the Have I Been Pwned database using k‑Anonymity. Only the first 5 characters of the hash are sent.
Generate strong yet memorable passphrases from a large wordlist. Choose the number of words and include a number or symbol for extra security.
Paste the content of a JavaScript or CSS file and get its SHA‑256, SHA‑384, or SHA‑512 integrity hash. Build the full <script> tag with crossorigin.
Enter a username and password to generate an .htpasswd entry using bcrypt. Runs entirely in browser.
Calculate the entropy (in bits) of a password based on character pool size and length. Visual strength meter with crack time estimation. Local only.
Enter a CDN URL for a script or style and generate the integrity attribute with sha384 or sha512. Protect your site.
Enter a router's MAC address or serial and generate the common default WPA passphrase for major ISP brands. Educational purpose only.
Enter a password and see the estimated time it would take to crack using brute force at different speeds. Educational.
Paste a hash and the tool guesses which algorithm created it based on length and format. Useful for forensic analysis.
Generate a BLAKE3 hash of any text or file. Extremely fast. Perfect for checksums and content addressing. Local.
Generate SHA‑3 and SHAKE hashes of any text with configurable output length. All local using js library.
Generate SHA‑1, SHA‑256, SHA‑512, and SHA‑3 digests of any text or file. Verify integrity. All in your browser.
Generate a bcrypt hash from a password with configurable salt rounds. Verify a password against a hash. Entirely client‑side.
Hash passwords using the bcrypt algorithm with configurable cost factor. Also verify a password against a stored hash. All local.
Generate the MD5 hash of any text string. For quick integrity checks. All local computation.
Hash any text using simple, fast algorithms: DJB2, SDBM, or CRC32. Get integer or hex. For quick lookups. Local.
Create a random long password that alternates consonants and vowels to mimic a pronounceable word. XKCD meets CVCV. Local.
Evaluate password strength through a short interactive story where each character set adds lines to a narrative. Educational fun.
Type a password and see a bar that fills based on estimated bits of entropy. Color‑coded feedback. No storage.
Create secure passwords that look like gibberish words but are easy to pronounce and remember. Mix of syllables. Local generation.
Store passwords and notes encrypted with a master passphrase. Data lives only in your browser's localStorage. No cloud.
Create a strong, memorable password using 4 random common words. The famous xkcd method. Local wordlist.
Compare your password against a built‑in list of the 10,000 most common passwords. Instant warning if it appears.
Tell if your password has appeared in data breaches without sending the full password. Uses hash prefix locally.
Generate encrypted passwords for .htaccess basic authentication. Create .htpasswd entries using bcrypt, MD5, or SHA. Server admin utility, local compute.
Generate cryptographic and checksum hashes for any text string. Supports MD5, SHA-1, SHA-256, and CRC32. All hashing runs locally for maximum privacy.
Generate ultra-secure, random passwords with configurable length and character sets. Created entirely on your device; never transmitted or stored.