loot.tools

Security tools

13 tools

Generate passwords, hashes, UUIDs, key pairs, and one-time codes, or decode a JWT to see what's actually inside it. Everything runs locally in your browser, so the secrets you paste here never travel anywhere.

Like everything on loot.tools, these run entirely in your browser. Free, no account, and nothing you enter leaves the tab.

Which one do you need?

For passwords, generate strong ones with Password Generator and audit the ones you already use with Password Strength Checker. For secrets in flight, JWT Encoder/Decoder shows what a JWT actually carries and signs new ones, TOTP / 2FA Code Generator produces the same six-digit codes as your authenticator app from a shared secret, and AES Text Encryption locks a piece of text behind a password with AES-256.

The hashing tools differ by purpose. Hash Generator computes SHA-1 through SHA-512 digests for checksums and integrity comparisons. HMAC Generator does keyed hashes for signing API requests. BCrypt Generator & Verifier is specifically for password storage, where a deliberately slow hash is the point. And RSA / EC Key Pair Generator creates RSA and elliptic-curve key pairs for public-key crypto.

For identifiers and account numbers: UUID Generator makes standard random UUIDs, while ULID Generator makes sortable ones that encode their creation time. Credit Card Validator runs the Luhn check and generates fake card numbers for testing, and IBAN Validator verifies an IBAN's checksum and country format before a payment form does it the hard way.