Developer Tools FAQ

Questions that come up across all the tools on this site — data safety, terminology, and the reasoning behind some of the warnings you'll see.

Is it safe to paste sensitive data (API keys, tokens, real passwords) into an online tool?

It depends entirely on whether the tool processes data on a server or in your browser. If a tool sends what you type to a backend for processing, that data can end up in server logs, error trackers, or a database — even briefly. Every tool on KeyForge runs entirely client-side: encryption, hashing, formatting, and generation all happen with browser APIs, and nothing you type is ever transmitted anywhere. Check any tool's description for an explicit statement that it runs 'entirely in your browser' before pasting anything sensitive into it.

What does 'client-side' actually mean?

It means the computation happens using your browser's own JavaScript engine and built-in APIs (like the Web Crypto API), on your device, rather than being sent over the network to a server for processing. You can verify this yourself using your browser's network inspector — open developer tools, use a client-side utility, and confirm no request containing your input is ever sent.

Why do some tools warn about MD5 or SHA-1?

MD5 and SHA-1 are both cryptographically broken — practical collision attacks exist for both, meaning an attacker can construct two different inputs that hash to the same value. They remain fine for non-adversarial uses like checksums to detect accidental corruption, but should never be used for password storage, digital signatures, or anywhere an attacker might benefit from forging a match.

What is the difference between encoding and encryption?

Encoding (like Base64 or Hex) is a reversible transformation with no secret key — anyone can decode it, so it provides no confidentiality at all. It's used to represent binary data as text, not to hide information. Encryption (like AES) requires a secret key to reverse and is designed specifically to keep data confidential from anyone who doesn't have that key.

Do I need an account to use these tools?

No. None of the tools on this site require sign-up, login, or any account. Every tool works immediately, with no data retained between visits.

← Back to KeyForge