Is XOR encryption secure?

Only if the key is at least as long as the plaintext and never reused (a one-time pad). A short repeating key is weak: an attacker who knows part of the plaintext can recover the key.

How do I decrypt XOR output?

XOR is its own inverse. Paste the ciphertext bytes (as text or hex) into the Input field and use the same key — the output is your original plaintext.

What is the hex key mode?

In hex key mode you supply the key as a hex string (e.g. 2f4a9c). Each pair of hex digits becomes one key byte. This is common in CTF challenges and binary protocols.

What does the key-reuse warning mean?

When the key is shorter than the input, the key repeats. A repeated key leaks patterns into the ciphertext that statistical attacks can exploit.

XOR Cipher Tool

Name: XOR Cipher Tool
Availability: InStock
Author: Nham Vu

Encrypt or decrypt text with XOR using a text or hex key. Shows hex and base64 output, warns when the key is shorter than the plaintext.

Input (plaintext or ciphertext)

Key

Enter an even-length hex string, e.g. 2f4a9c

Output (text)

Hex

—

Base64

—

Sample inputs — click to load

Copied!

Summary

Encrypt or decrypt text with XOR using a text or hex key. Shows hex and base64 output, warns when the key is shorter than the plaintext.

How it works

Enter plaintext (or ciphertext to decrypt) in the input field.
Type a key in text or hex format and select the matching mode.
The tool XORs each input byte with the corresponding key byte, cycling the key.
Hex and base64 representations of the result appear instantly.
A warning highlights key reuse when the key is shorter than the input.

Use cases

Demonstrate XOR encryption in a cryptography or security course.
Quickly obfuscate short strings for non-sensitive local storage.
Test CTF (capture-the-flag) challenges that use XOR with a repeating key.
Illustrate why short, repeated keys are vulnerable to known-plaintext attacks.

Frequently Asked Questions

Last updated: 2026-07-01 · Reviewed by Nham Vu