Encoding, Hashing & Security Tools
Base64, URL encoding, hash generation, passwords, and JWT decoding — security-adjacent utilities.
Encoding, hashing, and auth-token handling come up constantly in web development and operations. Every tool in this section runs in-browser, so trying out tokens with sensitive content does not send them anywhere. The one habit to keep is not pasting real production secrets while screen-sharing.
Tools in this topic (11)
Base64 Encode / Decode
Encode and decode Base64 in your browser
URL Encode / Decode
Encode and decode URL strings in your browser
HTML Entity Encoder / Decoder
Encode and decode HTML entities instantly in your browser
Punycode Converter
Convert internationalized domain names between Unicode and Punycode
Text to Binary Converter
Convert text to binary (0s and 1s) and back
Binary ↔ Text Converter
Convert between text and binary representation
Hash Generator
Generate SHA-1, SHA-256, SHA-384, and SHA-512 hashes in your browser
HMAC Generator
Generate HMAC using SHA-1, SHA-256, SHA-384, or SHA-512 in your browser
JWT Decoder
Decode and inspect JSON Web Tokens (JWT) instantly in your browser
UUID Generator
Generate UUID v4 or v7 instantly in your browser with one click
Password Generator
Generate secure random passwords
Related articles
- Why Base64 grows by 4/3, and how URL-safe Base64 differs
  How Base64 works, the 3-byte to 4-character mapping, why output is roughly 33% larger, and the URL-safe variant that swaps `+/` for `-_`.
- How to choose between MD5, SHA-1, and SHA-256 in practice
  Differences between MD5, SHA-1, and SHA-256, the state of collision attacks, and which to use for checksums vs signatures vs password storage.
- HMAC vs hash: why message authentication needs a key
  How HMAC differs from a plain hash, why adding a key turns hashing into authentication, and where HMAC fits in real protocols.
- HTML entity escaping: why each context needs its own rules
  HTML body, attribute values, JavaScript strings, and URLs each demand different escapes. The five core entities, double-escaping pitfalls, and the safe approach.
- Reading a JWT: header, payload, and signature explained
  Why a JWT is "three Base64URL strings joined by dots", what each section contains, and how signature verification works in practice.
- Password entropy, length, and character classes: speaking strength in numbers
  Why password strength is determined by length and character set, the entropy formula in bits, brute-force resistance estimates, and practical targets for real-world use.
- Punycode and internationalized domain names: what happens behind a Unicode URL
  How a domain like 日本.jp gets translated to ASCII via Punycode, the homograph attack risk it created, and how browsers decide whether to show Unicode or Punycode.
- Text and bytes: ASCII, UTF-8, and the gap between characters and bytes
  How characters become bytes, the 7-bit ASCII table, UTF-8's variable-length encoding, and why detecting an encoding from raw bytes is hard.