JWT Secret Generator
Generate cryptographically strong HMAC secrets for JSON Web Tokens. Correct byte length for HS256, HS384, and HS512 — base64url encoded, ready to drop into JWT_SECRET.
The same secrets can be produced on the command line with openssl (standard base64 rather than base64url; the random bytes are equivalent either way):
- HS256: openssl rand -base64 32
- HS384: openssl rand -base64 48
- HS512: openssl rand -base64 64
Note that openssl wraps base64 output at 64 characters per line, so the 64-byte HS512 value arrives on two lines; join them before pasting.
Which algorithm and key size should I use?
The HMAC key must be at least as long as the hash output: RFC 7518 requires it for JWS, and RFC 2104 recommends it for HMAC in general, because a shorter key reduces the security of the MAC to the length of the key rather than the hash:
- HS256 — SHA-256 produces 32 bytes; your key should be ≥ 32 bytes
- HS384 — SHA-384 produces 48 bytes; your key should be ≥ 48 bytes
- HS512 — SHA-512 produces 64 bytes; your key should be ≥ 64 bytes
For most applications, HS256 with a 32-byte key is sufficient; 256 bits of key is already far beyond any brute-force budget. HS384 and HS512 mainly buy a longer signature rather than materially more security. Larger keys do not meaningfully slow down signing, and the key itself is never transmitted; what grows with the algorithm is the signature appended to every token: 32, 48 or 64 bytes, which is 43, 64 or 86 base64url characters.
HMAC vs RSA/ECDSA — when to use which
HMAC (HS*) uses the same secret for signing and verification. This is fine when both the issuer and verifier are the same service (e.g., a single API). If different services need to verify tokens without being able to issue them, use RSA (RS256) or ECDSA (ES256) — asymmetric algorithms where only the private key can sign but any holder of the public key can verify.
HMAC secrets must never be shared publicly. RSA/ECDSA public keys can be exposed safely (and are usually served at a /.well-known/jwks.json endpoint). Whichever family you use, the verifier should pin the algorithm it expects rather than trusting the token's alg header; a verifier that accepts both RS256 and HS256 against the same key material lets an attacker use the public key as an HMAC secret.
Why not just pick a password?
Passwords are low-entropy by design; they need to be memorable. A JWT secret should have full cryptographic entropy. The secrets this tool generates are 256 bits (HS256), 384 bits (HS384), or 512 bits (HS512) of CSPRNG output, which makes brute force computationally infeasible.
A JWT secret derived from a password or phrase can be cracked offline in minutes: one captured token gives the attacker both the signed data and the signature, so every guess can be checked locally with tools like hashcat (JWT mode 16500) at millions of guesses per second. A properly generated secret cannot be recovered in any practical timeframe.
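The following Python script is an added example and not the generator's own code; it uses only the standard library. It ties together the key-length rule from the previous section and the password-cracking point above: it generates a secret of exactly the hash output length for the chosen HS algorithm, enforces the minimum length before signing, signs and verifies a token with a pinned algorithm, and then runs a small offline dictionary attack against a token signed with a password-derived secret. The wordlist, the payloads and the `enforce_length` switch (standing in for libraries that accept any key size) are constructed for the example.

```python
import base64
import binascii
import hashlib
import hmac
import json
import secrets
from typing import Iterable, Optional

# Hash output length in bytes per JWS HMAC algorithm; RFC 7518 requires
# an HMAC key at least this long.
HASH_LEN = {"HS256": 32, "HS384": 48, "HS512": 64}
DIGEST = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}


def b64url(data: bytes) -> str:
    """base64url without padding, the encoding used for every JWT segment."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def generate_secret(alg: str) -> str:
    """A fresh secret of exactly the hash output length, from the OS CSPRNG."""
    return b64url(secrets.token_bytes(HASH_LEN[alg]))


def check_key_length(key: bytes, alg: str) -> None:
    if len(key) < HASH_LEN[alg]:
        raise ValueError(f"{alg} key is {len(key)} bytes, need at least {HASH_LEN[alg]}")


def sign(payload: dict, key: bytes, alg: str, enforce_length: bool = True) -> str:
    """Build header.payload.signature. enforce_length=False mimics libraries that
    accept any key size, which is how password secrets end up in production."""
    if enforce_length:
        check_key_length(key, alg)
    header = {"alg": alg, "typ": "JWT"}
    signing_input = (
        b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url(json.dumps(payload, separators=(",", ":")).encode())
    )
    mac = hmac.new(key, signing_input.encode("ascii"), DIGEST[alg]).digest()
    return signing_input + "." + b64url(mac)


def verify(token: str, key: bytes, alg: str) -> Optional[dict]:
    """Verify against a pinned algorithm (never trust the token's own alg header)
    with a constant-time comparison. Returns the payload, or None on failure."""
    try:
        h, p, s = token.split(".")
        sig = b64url_decode(s)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(key, f"{h}.{p}".encode("ascii"), DIGEST[alg]).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    return json.loads(b64url_decode(p))


def recover_weak_secret(token: str, alg: str, candidates: Iterable[str]) -> Optional[bytes]:
    """Offline dictionary attack: one captured token is all an attacker needs.
    hashcat does the same at scale; here it is a loop over a small wordlist."""
    h, p, s = token.split(".")
    target = b64url_decode(s)
    signing_input = f"{h}.{p}".encode("ascii")
    for guess in candidates:
        key = guess.encode()
        if hmac.compare_digest(hmac.new(key, signing_input, DIGEST[alg]).digest(), target):
            return key
    return None


if __name__ == "__main__":
    # Constructed wordlist standing in for a real cracking dictionary.
    WORDLIST = ["admin", "secret", "changeme", "password123", "letmein"]

    strong = b64url_decode(generate_secret("HS256"))
    token = sign({"sub": "alice", "role": "user"}, strong, "HS256")
    print("generated token verifies:", verify(token, strong, "HS256"))
    print("recovered strong secret:", recover_weak_secret(token, "HS256", WORDLIST))

    weak_token = sign({"sub": "alice"}, b"password123", "HS256", enforce_length=False)
    print("recovered weak secret:", recover_weak_secret(weak_token, "HS256", WORDLIST))
```

When the generated string is dropped into JWT_SECRET, most libraries use the string's own bytes as the HMAC key rather than decoding it; the 43-character HS256 value is then a 43-byte key carrying 256 bits of entropy, which still satisfies the length rule. Decode it first, as `strong` does above, if your library expects raw key bytes.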
Related tools
- NextAuth Secret Generator — AUTH_SECRET for Auth.js / Next.js
- Secret Generator — API keys, session tokens, passwords
- OpenSSL Rand Generator — replicate openssl rand in-browser