Frequently asked questions
Is the random number generator cryptographically secure?
Yes — `crypto.getRandomValues` is a CSPRNG mandated by the Web Crypto specification. It's safe for password generation, key material, and security tokens.
How is AES encryption implemented?
We use Web Crypto's AES-256-GCM with a key derived from your passphrase via PBKDF2 (200,000 iterations + 16-byte random salt + random IV). The encrypted output bundles salt, IV, and ciphertext together — same format Web Crypto expects to decrypt.
Why generate passwords or hashes locally rather than on a server?
Any string you generate on a server is technically observable by that server (in logs, in transit, in caches). For a low-stakes password (a guest Wi-Fi code) the risk is academic. For high-value passwords — your master password, cryptocurrency seed phrases, recovery keys, encryption passphrases — local generation is the entire point of the exercise. SnapToolz' security tools run with no network call, so the secrets exist only on your device until you copy them into your password manager.
Can I trust browser-side encryption with sensitive data?
The Web Crypto API is the same primitive that secures HTTPS, JWT signing, and credential storage in every modern browser. AES-256-GCM at 200k PBKDF2 iterations is the same standard used by enterprise password managers. The harder question is what happens to the ciphertext after — write it to a secure place yourself; the encryption is only as strong as where you store the result.
Are my files uploaded anywhere?
No. Every SnapToolz tool runs entirely in your browser using JavaScript and WebAssembly. Files are read locally, processed in memory, and the result is offered as a download. There is no backend.
Is everything free?
Yes — every tool in this category and on the entire site is free with no sign-up, no daily limit, and no watermark.