UD5 Toolkit
AES Text Encrypt/Decrypt - Online Secure Message Tool
Encrypt and decrypt text using AES in the browser with a password. Uses Web Crypto API. No data sent to server.
.htpasswd Generator – Online Apache Password Encrypter
.htpasswd Generator
Online Apache Password Encrypter — Generate secure .htpasswd entries instantly
Bcrypt
APR1 MD5
SHA-1
Apache Compatible
Instant Generation
Credentials
Only alphanumeric characters, hyphens, underscores, and dots are recommended.
Recommended
Bcrypt ($2y$)
Most secure · Apache 2.4+
Widely Compatible
APR1 MD5 ($apr1$)
Good compatibility · Apache 2.0+
Legacy
SHA-1 ({SHA})
Legacy support · Older Apache
Deprecated
Crypt (DES)
Max 8 chars · Avoid if possible
Higher cost = stronger encryption but slower generation. Cost 10–12 is recommended for production.
Generated Output
Your generated .htpasswd entry will appear here...
Usage: Place the generated line in your
File location: Typically
.htpasswd file on your Apache server.File location: Typically
/etc/apache2/.htpasswd or specified via AuthUserFile directive.
Frequently Asked Questions
What is a .htpasswd file?
A .htpasswd file stores usernames and encrypted passwords for HTTP basic authentication on Apache web servers. Each line contains a username followed by a colon and the encrypted password. It works alongside
.htaccess files to protect directories, admin panels, staging sites, and private resources from unauthorized access.Which encryption algorithm should I choose?
Bcrypt ($2y$) is the gold standard — it's the most secure option and is natively supported in Apache 2.4+. APR1 MD5 ($apr1$) offers excellent compatibility across all modern Apache versions. SHA-1 ({SHA}) is a legacy format still used on older servers. Crypt (DES) is deprecated and limited to 8-character passwords — avoid it unless you're supporting very old systems. For new deployments, always choose Bcrypt with a cost factor of 10 or higher.
How do I use the generated entry on my Apache server?
Copy the generated line and append it to your
.htpasswd file (one user per line). Ensure your .htaccess file references it with AuthUserFile /path/to/.htpasswd. Then set AuthType Basic, AuthName "Restricted Area", and Require valid-user. After updating, restart or reload Apache with sudo systemctl reload apache2 (or httpd). Always store the .htpasswd file outside the web root for security.Is it safe to generate passwords in the browser?
Yes, 100%. All encryption happens locally in your browser using JavaScript. Your password never leaves your device, is never sent to any server, and is never stored. We use cryptographically secure random number generation (
crypto.getRandomValues) for salt generation. You can verify this by disconnecting from the internet — the tool works completely offline.What does the Bcrypt cost factor mean?
The cost factor (also called "rounds" or "work factor") determines how computationally expensive the bcrypt hash calculation is. It's an exponent: cost 10 means 210 = 1,024 iterations. Higher values make brute-force attacks exponentially harder but also slow down legitimate authentication. Cost 10 is the current sweet spot — secure enough to thwart attackers while adding negligible latency (< 100ms) to login requests. Apache's
htpasswd -B default is cost 5, but we recommend at least 10.Can I generate multiple entries at once?
Yes! Generate each entry one at a time, copy them, and combine them in your
.htpasswd file — each user on its own line. For bulk operations, you can use the command-line htpasswd tool: htpasswd -bB /path/to/.htpasswd username password. This online tool is ideal for quick individual entries when you don't have CLI access.Does this work with Nginx or other web servers?
The
.htpasswd format is primarily associated with Apache, but Nginx also supports it for HTTP basic authentication via the auth_basic_user_file directive. The APR1 MD5 and bcrypt formats are widely compatible. However, Nginx may require the httpd-tools package or specific modules. Always test your configuration after deploying.What's the difference between $2a$, $2b$, and $2y$ bcrypt prefixes?
These prefixes indicate the bcrypt variant: $2a$ was the original OpenBSD bcrypt (has a known bug with certain characters). $2b$ fixed that bug. $2y$ is the PHP/OpenBSD standard and the most widely supported across platforms. We use $2y$ for maximum compatibility with Apache, PHP, and modern systems.
Old English / Anglo‑Saxon Word Lookup – Online Basic Translator
Type a modern English word and get a possible Old English equivalent. Works offline with a limited but curated wordlist. Learn history.
Jerky Marinade Ratio Calculator – Online Soy, Worcestershire, Cure
Scale a jerky marinade recipe based on meat weight. Includes optional cure #1 calculation for safety.
JavaScript Keycode Finder - Online Keyboard Event Tool
Press any key to see the corresponding JavaScript event key, code, and keyCode. An essential debugging tool for front-end developers handling keyboard input.
HTML Attribute Remover - Online Clean Up Markup
Strip specific or all attributes from HTML tags. Clean up messy code. Keep the structure. Purely local.
Mac Keyboard Shortcut Visualizer – Online Modifier Key Cheatsheet
Press a combination of modifier keys and see which common macOS shortcuts use them. Learn by experimentation.
Keyboard Event Debugger - Online See keydown Key Data
Press any key and see the full KeyboardEvent object: key, code, keyCode, modifier status. Dev tool.
X‑Frame‑Options Tester - Online Clickjacking Defense
Check if a URL can be embedded in an iframe. Test your site’s defense against clickjacking. Browser‑based.
iCal Event to HTML Snippet - Online Add to Calendar Links
Fill in event details and generate 'Add to Calendar' links for Google, Outlook, and Yahoo, plus a downloadable .ics file.
Password Entropy Calculator - Online Bits of Security Meter
Calculate the entropy (in bits) of a password based on character pool size and length. Visual strength meter with crack time estimation. Local only.
Apache RewriteRule Generator - Online mod_rewrite Helper
Build Apache mod_rewrite rules for redirects or clean URLs. Fill in simple fields and get the .htaccess code.
Default Wi‑Fi Password Calculator - Online ISP Router Keygen
Enter a router's MAC address or serial and generate the common default WPA passphrase for major ISP brands. Educational purpose only.
Brute Force Time Estimator - Online Password Cracking Simulation
Enter a password and see the estimated time it would take to crack using brute force at different speeds. Educational.
Password Pwned? Checker - Online k‑Anonymity
Check if a password appears in the Have I Been Pwned database using k‑Anonymity. Only the first 5 characters of the hash are sent.
Bcrypt Hash Generator - Online Password Hashing Tool
Generate a bcrypt hash from a password with configurable salt rounds. Verify a password against a hash. Entirely client‑side.
PBKDF2 Key Derivation Demo - Online Password‑Based Key
Derive a strong cryptographic key from a password using PBKDF2 with SHA‑256. Adjust iterations and salt. Educational and test tool.
Argon2 Hash Generator - Online Modern Password KDF
Generate Argon2id hashes in the browser using a WASM compilation. Choose memory, iterations, and parallelism. Secure local hashing.
Bcrypt Hash Generator & Verifier - Online Password Hashing
Hash passwords using the bcrypt algorithm with configurable cost factor. Also verify a password against a stored hash. All local.
Pronounceable Random Password - Online Secure & Readable
Create a random long password that alternates consonants and vowels to mimic a pronounceable word. XKCD meets CVCV. Local.
Password Strength Story - Online Visual Narrative
Evaluate password strength through a short interactive story where each character set adds lines to a narrative. Educational fun.
Password Bit Strength Visualizer - Online Security Meter
Type a password and see a bar that fills based on estimated bits of entropy. Color‑coded feedback. No storage.
Pronounceable Password Generator - Online Easy to Say
Create secure passwords that look like gibberish words but are easy to pronounce and remember. Mix of syllables. Local generation.
.htaccess Validator - Online Check Syntax
Paste your .htaccess rules and check for common syntax errors or misconfigurations. No server required; static analysis.
Local Password Vault - Online Encrypted Browser Storage
Store passwords and notes encrypted with a master passphrase. Data lives only in your browser's localStorage. No cloud.
XKCD‑Style Password Generator - Online Correct Horse Battery Staple
Create a strong, memorable password using 4 random common words. The famous xkcd method. Local wordlist.
Web Server Log Parser - Online Apache/Nginx Analyzer
Paste a raw server log snippet and see a structured table with IP, method, URL, and status. Quick audit.
Weak Password Dictionary Check - Online Top 10k List
Compare your password against a built‑in list of the 10,000 most common passwords. Instant warning if it appears.
Local Password Breach Checker - Online k‑Anonymity
Tell if your password has appeared in data breaches without sending the full password. Uses hash prefix locally.
.htaccess Password Generator - Online Apache Auth Creator
Generate encrypted passwords for .htaccess basic authentication. Create .htpasswd entries using bcrypt, MD5, or SHA. Server admin utility, local compute.
Strong Password Generator - Online Random Secure Passwords
Generate ultra-secure, random passwords with configurable length and character sets. Created entirely on your device; never transmitted or stored.