What is this?

This is a tool I created for encrypting and decrypting sensitive text easily. It does not require an account or other software. Also, this tool does not use any trackers or ads, and respects your privacy. You can use this to protect sensitive data before it is stored in insecure places, like the notes attached to your LastPass passwords.

Is it safe?

Yes, provided that you use a strong password. All tasks are preformed on your device, and your data is not sent to any server. In fact, there is no server, so you can even use this tool offline, which I recommend as a best practice.

How does it work?

Encdec uses AES-CBC-256 with a variable IV, and a key that is derived from 600,000 rounds of SHA256-PBKDF2 on the password. Currently, this is the recommended hardness by OWASP. It relies on the WebCrypto API provided by the browser, so it is recommended that you use a fairly recent browser. Additionally, a random salt is used in the hashing process as well to stop preimage attacks.

Why is the encryption different for the same text and the password?

The reason why is because the randomly-generated salt and IV are also included inside the encryption, so that it is possible to decrypt it again.