Encryption Playground

• Symmetric (AES, ChaCha20) — same key encrypts and decrypts. Fast, used for everything bulk. Both parties must have the secret key.
• Asymmetric (RSA, ECC, EdDSA) — different keys for encryption/decryption. Slow, used for key exchange and signatures. Allows sharing data with someone whose public key you have without sharing a secret.
• AEAD (Authenticated Encryption with Associated Data) — GCM, ChaCha20-Poly1305. Encryption + integrity in one operation. Modern standard; replaces "encrypt-then-MAC".
• Hash functions (SHA-256, SHA-3) — one-way. Used in signatures, integrity, password storage.
• Key derivation (PBKDF2, Argon2, scrypt) — turn a password into a key. Designed to be slow on purpose, to make brute force harder.

• ECB (Electronic Codebook) — each block encrypted independently. Same plaintext block → same ciphertext block. Visible patterns in images (the famous "ECB Penguin" demo). NEVER use ECB for anything.
• CBC (Cipher Block Chaining) — each block XOR'd with previous ciphertext before encryption. No pattern leakage. BUT — vulnerable to padding-oracle attacks if not properly authenticated.
• CTR (Counter) — encrypt a counter and XOR with plaintext. No padding needed. Parallel-encryptable. Safe against pattern leakage. BUT — no integrity.
• GCM (Galois/Counter Mode) — CTR + GMAC authentication. Encrypted + integrity-protected. The modern default for new applications.
• OFB, CFB — older streaming modes. Mostly historical; CTR / GCM are preferred.

For modern code: use AES-GCM or ChaCha20-Poly1305. Both provide encryption + integrity in one step. Both are well-studied, widely supported, and fast.

• Encrypting a file before storage — AES-GCM (symmetric, fast). Derive key from password with Argon2id.
• Sending a message to someone whose public key you have — hybrid: generate random AES key, encrypt message with AES, encrypt AES key with their RSA / ECDH public key.
• Verifying a download — SHA-256 hash. Compare against published checksum.
• Signing a message so the recipient can verify it is from you — Ed25519 or ECDSA signature. NOT plain encryption.
• Storing passwords on a server — Argon2id hash, not encryption. If passwords are encrypted, they can be decrypted. Hashed passwords can only be verified.
• TLS — combines symmetric (AES-GCM bulk encryption), asymmetric (ECDH for key exchange, RSA/ECDSA for cert signatures), and hashing (HMAC-SHA256 for MAC).

• You are learning cryptography and want hands-on demonstration of how encryption transforms data.
• You are debugging a crypto library issue and want to verify your implementation against a known-correct reference.
• You are explaining encryption concepts to non-cryptographers and want concrete visual examples.
• You are preparing for a security interview / certification and want to test your understanding of the operations.

• It will not generate production keys. The playground is educational; for real keys use a cryptographic library (Web Crypto API, libsodium, OpenSSL).
• It will not protect data in transit. Encrypting in this page and pasting result elsewhere is fine as a demo; for real secure transmission, use TLS with proper certificates.
• It will not implement every algorithm. Modern ciphers (AES, ChaCha20), hashes (SHA-256), and signatures (Ed25519, ECDSA) are covered. Niche/legacy (Twofish, Serpent, Salsa20) are not.
• It will not detect your implementation's vulnerabilities. Use this for understanding, then use vetted libraries in production code — never roll your own crypto.