Security & Privacy Tools.

Security tools should be trustworthy by design, and the biggest design flaw in most online security tools is that they send your sensitive data to a server. A password generator that makes a network request defeats the entire purpose: you cannot know whether the generated passwords are being logged. Every tool in this section runs entirely in your browser using the Web Crypto API, a standardized cryptographic interface built into modern browsers. Your passwords, hashes, and encrypted data never travel over the network.

The password generator uses `crypto.getRandomValues()` under the hood, which is the same source of entropy used by professional security applications. This is meaningfully different from `Math.random()`, which is not cryptographically secure and produces predictable output if the seed can be guessed. You can configure length, character sets (uppercase, lowercase, numbers, symbols), and whether to exclude visually similar characters like `l`, `1`, `I`, `O`, and `0` that cause errors when typed from memory.

Password strength evaluation is more nuanced than counting character types. A 12-character password made of dictionary words is weaker than a random 8-character password despite being longer. The strength tester uses a combination of pattern matching and entropy calculation: it detects keyboard patterns like `qwerty`, common substitutions like `p@ssw0rd`, repeated characters, and sequences. The result tells you not just a score but specifically what weakness was detected so you understand why.

Cryptographic hash functions are fundamental to software development: verifying file downloads, storing passwords securely, generating unique identifiers, and signing data. The hash generator produces MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes for any input text or file. Note that MD5 and SHA-1 are considered broken for security purposes but remain useful for non-security applications like checksums. For password storage and security-critical hashing, SHA-256 or SHA-512 are the appropriate choices.

The encryption tool provides AES-256-GCM encryption and decryption using a passphrase you supply. AES-256-GCM is authenticated encryption: it both encrypts the data and adds a tamper-detection tag, so you can verify the encrypted data has not been modified. This is the standard used in TLS and many secure messaging protocols. The tool is useful for encrypting sensitive notes, backing up credentials, or sending confidential information through an insecure channel.

Credit card validation uses the Luhn algorithm to check whether a card number is structurally valid before sending it to a payment processor. This is useful for developers building payment forms to add client-side validation without relying on a payment API call. It also identifies the card network (Visa, Mastercard, Amex, Discover) from the number's prefix, which determines which validation icon to show in the UI.