Password Hashing Demo

A simple browser demo that shows password strength, hashing, and salt. Everything runs on your device, so nothing you type is sent anywhere.

JavaScript Web Crypto API SHA-256 bcrypt Cryptography

Hashing

Hashing turns a password into a new value so the original password does not need to be stored.

Salt

A salt is random data added before hashing so the same password does not always create the same result.

Slow hashing

Slower password hashing makes it harder for an attacker to test huge numbers of guesses quickly.

01 - Check password strength

8+ characters

Uppercase letter

Lowercase letter

Number

Special character

12+ characters

Length

0 bits

Entropy

02 - See the hash

Input Hash output

SHA-256 is a strong hash, but passwords still need salt and a slower option like bcrypt.

03 - See what salt does

A salt is random data added before hashing. That means two people can use the same password and still end up with different stored hashes, which also helps stop rainbow table lookups from working as easily.

Salt (32 random bytes)

SHA-256(password + salt)

Browser only

Everything runs in your browser using the Web Crypto API. No data is sent to a server, and the demo does not store what you type.

How It Was Made

This project was built as a browser-only demo with plain HTML, CSS, and JavaScript. The goal was to make password hashing easier to see and understand without needing a backend.

Click a topic to view the code

HTML and CSS build the layout, cards, bars, and question section.

Vanilla JavaScript updates the strength meter, switches algorithms, and keeps the page interactive.

Web Crypto API creates real browser-side hashes like SHA-256 and SHA-1.

Random salt generation comes from crypto.getRandomValues(), which is built into modern browsers.

Q&A

Back to all projects