Questions that come up across all the tools on this site — data safety, terminology, and the reasoning behind some of the warnings you'll see.
It depends entirely on whether the tool processes data on a server or in your browser. If a tool sends what you type to a backend for processing, that data can end up in server logs, error trackers, or a database — even briefly. Every tool on KeyForge runs entirely client-side: encryption, hashing, formatting, and generation all happen with browser APIs, and nothing you type is ever transmitted anywhere. Check any tool's description for an explicit statement that it runs 'entirely in your browser' before pasting anything sensitive into it.
It means the computation happens using your browser's own JavaScript engine and built-in APIs (like the Web Crypto API), on your device, rather than being sent over the network to a server for processing. You can verify this yourself using your browser's network inspector — open developer tools, use a client-side utility, and confirm no request containing your input is ever sent.
MD5 and SHA-1 are both cryptographically broken — practical collision attacks exist for both, meaning an attacker can construct two different inputs that hash to the same value. They remain fine for non-adversarial uses like checksums to detect accidental corruption, but should never be used for password storage, digital signatures, or anywhere an attacker might benefit from forging a match.
Encoding (like Base64 or Hex) is a reversible transformation with no secret key — anyone can decode it, so it provides no confidentiality at all. It's used to represent binary data as text, not to hide information. Encryption (like AES) requires a secret key to reverse and is designed specifically to keep data confidential from anyone who doesn't have that key.
No. None of the tools on this site require sign-up, login, or any account. Every tool works immediately, with no data retained between visits.
Explore the tools this FAQ refers to: