Crypto & Keys

Hashes, HMACs, UUIDs and encryption keys computed with the Web Crypto API built into your browser.

These four tools all lean on the Web Crypto API built into your browser, but they answer distinct needs. A hash is a one-way fingerprint of data: the Hash Generator computes SHA-256, SHA-512, SHA-3 and — for legacy checksums — MD5, so identical input always yields identical output while a single changed byte scrambles the whole digest. When you need to prove a message came from someone holding a shared secret, such as a webhook signature or an authenticated API request, reach for the HMAC Generator, which folds a key into the hash so the result cannot be forged by anyone without that key.

For raw key material itself — the bytes you feed to AES, or an application secret in a config file — the Encryption Key Generator emits cryptographically random values as hex or Base64 at whatever length you choose. And when you just want a unique identifier with no central coordination, such as a database row, a request trace or an idempotency token, the UUID Generator produces version-4 UUIDs carrying 122 random bits — enough that collisions stay a non-issue at any realistic scale.

The randomness under every generator comes from crypto.getRandomValues(), not Math.random(); the CSPRNG guide explains why that difference matters for anything security-related, including the modulo-bias trap. If you find yourself weighing hashing against real encryption, the encoding versus encryption versus hashing explainer sorts the three apart with worked examples.