About This Tool
All generation and hashing happens entirely in your browser using the Web Crypto API. No data is sent anywhere. No logs. Refresh the page and it's gone.
Why use Web Crypto API?
crypto.getRandomValues() uses OS-level entropy β far stronger than Math.random() which is predictable. This is the same source used by password managers.
MD5 vs SHA-256 β which to use?
MD5 & SHA-1 are broken for security purposes β use only for checksums or legacy systems. SHA-256 is the current standard for password hashing pipelines and data integrity.
What is a salt?
A salt is a random prefix added before hashing so two identical passwords produce different hashes. Use the Custom Salt field to prepend your salt, then hash the result β defeating rainbow table attacks.
What does entropy mean here?
Entropy (bits) = log2(charset_size) Γ length. Above 60 bits is strong. Above 100 bits is uncrackable with current hardware. A 16-char alphanumeric+symbol password gives ~104 bits.
Bulk mode use cases
Generate one-time tokens, API keys, test data seeds, temporary user passwords, or salt strings for your database in seconds. Export as CSV and import directly.
Custom string hasher
Quickly verify checksums, hash emails for Gravatar, or test your hashing pipeline without leaving the page. Supports UTF-8 strings including unicode characters.