Encrypt and decrypt text using the Salsa20 stream cipher — Daniel J. Bernstein's high-performance 256-bit encryption algorithm. Runs entirely in your browser.
A comprehensive, browser-based Salsa20 encryption suite built for developers, students, and security researchers.
Uses a full 256-bit key with SHA-256 password derivation, providing robust encryption strength recommended by cryptographers worldwide.
Optimized JavaScript implementation processes data in milliseconds. All computation runs locally with zero network latency or server round-trips.
Your data never leaves your browser. No server uploads, no logging, no third-party scripts. Complete privacy guaranteed with every encryption.
Instant feedback on key format, nonce validity, and input encoding. Error indicators update as you type, preventing mistakes before they happen.
Understand exactly how Salsa20 processes your data with a detailed breakdown of key derivation, nonce usage, block generation, and XOR operations.
Supports UTF-8 text and hexadecimal input with Hex and Base64 output. Flexible enough for educational use, testing, and real-world cryptographic workflows.
Four simple steps to encrypt your data using the Salsa20 stream cipher algorithm.
Enter a password or 64-character hex key. Passwords are hashed via SHA-256 to derive a secure 256-bit encryption key.
A unique 8-byte nonce (number used once) is created randomly or provided manually. This ensures each encryption produces different output.
Salsa20 initializes a 4×4 state matrix with key, nonce, counter, and constants, then applies 20 mixing rounds to generate 64-byte keystream blocks.
Each byte of plaintext is XORed with the corresponding keystream byte. The same process decrypts, making Salsa20 symmetric and simple.
Salsa20 is a high-performance stream cipher designed by the renowned cryptographer Daniel J. Bernstein in 2005. It quickly gained recognition for its exceptional speed on modern processors and strong, well-studied security guarantees. Unlike block ciphers such as AES that operate on fixed-size data blocks, Salsa20 generates a continuous pseudorandom keystream that is XORed with plaintext to produce ciphertext. This stream cipher approach makes Salsa20 inherently flexible for encrypting data of arbitrary length without requiring padding schemes or complex block cipher modes of operation.
The core of the Salsa20 algorithm operates on a compact 4×4 matrix of 32-bit unsigned integers. The state is initialized with four fixed constants, 32 bytes of key material split into eight words, an 8-byte nonce in two words, and a 64-bit counter in two words. For each 64-byte block of output, the cipher copies this initial state and applies exactly 20 rounds of quarter-round operations. Each double-round alternates between mixing the four columns and mixing the four rows of the matrix, ensuring thorough diffusion of every input bit throughout the entire state. The final keystream block is produced by adding the mixed state back to the original, preserving the counter information needed for synchronization.
When comparing Salsa20 vs ChaCha20, both ciphers share the same mathematical foundation and security proofs. ChaCha20, also created by Bernstein, modifies the quarter-round function to achieve better diffusion in fewer rounds. This improvement has made ChaCha20 the preferred choice in modern protocols like TLS 1.3, WireGuard VPN, and Google's QUIC transport. Nevertheless, Salsa20 remains important for educational study and continues to serve in various cryptographic libraries and legacy deployments. Developers learning how to use Salsa20 will find that understanding it provides an excellent foundation for mastering ChaCha20 and the broader family of ARX-based ciphers.
Understanding how the Salsa20 cipher works is valuable for developers, security auditors, and cryptography students. Its real-world use cases include real-time network traffic encryption, secure file storage, encrypted messaging protocols, and cryptographically secure pseudorandom number generation. The algorithm eliminates padding requirements and mode-of-operation complexities that plague block cipher implementations, reducing the attack surface considerably. A Salsa20 decoder performs the same operation as the encoder since stream ciphers use symmetric XOR for both directions.
To use a Salsa20 cipher safely, always generate a cryptographically random nonce for every encryption with the same key, as nonce reuse completely breaks the cipher's security by revealing the XOR of two plaintexts. Derive encryption keys from user passwords using robust key derivation functions like PBKDF2, scrypt, or Argon2 rather than using raw text as keys. While Salsa20 with 256-bit keys has withstood extensive cryptanalysis without practical attacks, new projects are encouraged to adopt ChaCha20 or its 12-round variant ChaCha12 for their improved diffusion and wider industry acceptance in modern encryption protocols.
| Feature | Salsa20 | ChaCha20 |
|---|---|---|
| Designer | Daniel J. Bernstein | Daniel J. Bernstein |
| Year | 2005 | 2008 |
| Rounds | 20 (10 double-rounds) | 20 (10 double-rounds) |
| Block Size | 64 bytes | 64 bytes |
| Key Size | 128 / 256 bits | 128 / 256 bits |
| Nonce Size | 64 bits | 64 / 96 bits |
| Diffusion per Round | Lower | Higher |
| Modern Adoption | Educational / Legacy | TLS 1.3, WireGuard, SSH |
| Security Status | Unbroken | Unbroken |
Common questions about the Salsa20 cipher, encryption process, and this tool.
Discover our full suite of free, client-side cipher and decoder tools for security researchers, developers, and students.