Cipher Learning Workbench | Compare Six Historical Methods

EncodingRuns in Your Browser (No Uploads)

Compare Atbash, Caesar, ROT13, ROT47, Vigenere, and repeating-key XOR in one bounded browser workbench. Inspect character changes, reverse examples, and distinguish historical cipher mechanics from modern authenticated encryption.

What to do next

Continue with a related workflow or open the next tool that usually follows this task.

How to Use This Tool

Choose Atbash, Caesar, ROT13, ROT47, Vigenere, or XOR according to the rule you want to study. Do not use this page as a security or secret-protection workflow.

Select Encode when starting with readable text or Decode when starting with a result. For Atbash, ROT13, and ROT47 the operation is self-inverse, but the direction label still records your learning step.

Set a shift from 1 through 25 for Caesar, an ASCII A-Z key for Vigenere, or an exact UTF-8 key and Hex or canonical padded Base64 format for XOR.

Run the transform and compare transformed and preserved character counts. Non-ASCII text remains unchanged in the classical letter modes, while XOR works on the complete UTF-8 byte sequence.

Use the reverse-direction action to move the result back into the input and confirm the sample round trip. Treat that check as a mechanics exercise, not evidence of modern cryptographic security.

When to Use This Tool

Teach substitution and rotation mechanics

Run known vectors side by side and inspect which characters are transformed, preserved, wrapped, or paired with a repeating key position.

Work through a classroom or CTF exercise

Enter a provided classical-cipher key or shift, decode a small challenge value, and record the exact settings without claiming that the puzzle method is secure.

Demonstrate a round trip

Encode one phrase, send the result back through the opposite direction, and compare the restored text to understand reversibility and format matching.

Explain encoding versus hashing versus encryption

Compare Base64 representation, hashing, and reversible ciphers so learners can identify transport encoding, one-way fingerprints, toy transformations, and real encryption as different concepts.

Common Mistakes

Treating a historical cipher as secure encryption

These transformations expose patterns, have tiny or repeating key spaces, and provide no authentication. They can demonstrate an idea but cannot protect passwords, tokens, private messages, customer records, or files.

Assuming every Unicode character is transformed

Atbash, Caesar, ROT13, and Vigenere change ASCII A-Z letters only in this workbench. Accents, Korean, Japanese, emoji, punctuation, and whitespace remain visible and do not become encrypted content.

Expecting a Vigenere key to be cleaned automatically

The Vigenere key must contain ASCII letters A-Z only. Invalid characters are rejected instead of being silently removed, and the key advances only when an ASCII letter is transformed.

Confusing XOR bytes with their text encoding

Hex and Base64 only represent the XOR output bytes. Decoding requires the same format and the exact same UTF-8 key; changing either can produce an error or unrelated text.

Using reversibility as a security test

A successful round trip proves that one sample reversed under the selected settings. It does not prove confidentiality, authenticity, tamper resistance, randomness, or compatibility with another implementation.

Examples

See a fixed substitution alphabet

Atbash mirrors each English letter and preserves case, spaces, digits, and non-ASCII text. Applying Atbash again restores the source.

Input
Atbash encode: Abc Xyz 123 한글
Output
Zyx Cba 123 한글

Compare a movable alphabet shift

A Caesar shift of three wraps Z back to C. Decode subtracts the same selected shift while preserving punctuation and letter case.

Input
Caesar encode, shift 3: Attack at Dawn!
Output
Dwwdfn dw Gdzq!

Follow a repeating alphabetic key

The key repeats over ASCII letters only. Spaces and punctuation are preserved and do not consume a key position.

Input
Vigenere encode, key LEMON: ATTACKATDAWN
Output
LXFOPVEFRNHR

Inspect an exact XOR byte vector

The plaintext and key are converted to UTF-8 bytes before repeating-key XOR. Hex is a readable representation of those result bytes, not encryption by itself.

Input
XOR encode, key demo, Hex: hello world
Output
0c0001030b451a00160909

Exact ASCII transforms, strict UTF-8 XOR, and explicit non-security boundaries

Atbash replaces A with Z, B with Y, and so on across the 26 ASCII letters. Caesar adds one selected shift from 1 to 25, while ROT13 is the fixed shift of 13. Atbash and ROT13 are self-inverse; Caesar decode subtracts the chosen shift. Case is preserved and characters outside ASCII A-Z are copied unchanged.

ROT47 operates on printable ASCII code points 33 through 126, so it changes digits and punctuation as well as letters while preserving spaces, line breaks, and non-ASCII text. The 94-character range is rotated by half its length, making ROT47 self-inverse. It is an obfuscation exercise, not a character-encoding standard or security primitive.

Vigenere derives one shift per ASCII letter of the key and repeats those shifts over the input. This implementation accepts A-Z or a-z only, preserves source case, and advances the key only when an ASCII letter is transformed. It rejects spaces, digits, punctuation, and non-ASCII key characters rather than silently changing the key.

Repeating-key XOR converts plaintext and the key to UTF-8 bytes, XORs every input byte with the corresponding repeating key byte, and represents the result as exact Hex or canonical padded standard Base64. Decode parses that representation strictly, applies the same XOR operation, and requires the result to be valid visible UTF-8. Reusing a short repeating key exposes patterns and offers no authentication.

Readable text is capped at 1,000,000 Unicode code points and 1 MiB of UTF-8, encoded XOR input at 2,097,152 characters, keys at 128 code points and 256 bytes, and output at 2 MiB. Unsupported controls and unmatched UTF-16 surrogates are rejected. Processing stays in the browser; aggregate analytics omits input, key, and output values.

Frequently Asked Questions

Can I use any of these ciphers to protect real secrets?

No. Every included method is for history, puzzles, CTF practice, and byte-level learning. For real data, use a reviewed authenticated-encryption construction and a platform or library that manages nonces, keys, authentication tags, and failures correctly.

How are Atbash, ROT13, and ROT47 different?

Atbash mirrors A-Z, ROT13 rotates letters by 13, and ROT47 rotates all printable ASCII characters from ! through ~ by 47. Each is self-inverse, so the same operation encodes and decodes.

How does Vigenere differ from Caesar?

Caesar uses one numeric shift for every ASCII letter. Vigenere uses a repeating sequence of shifts derived from an A-Z key, advancing that sequence only on ASCII letters in this implementation.

Should I choose Hex or Base64 for XOR output?

Hex and Base64 are reversible text encodings for the same XOR result bytes. Hex is convenient for inspecting every byte; Base64 is shorter. The selected format must match during decode.

Are my text and cipher keys uploaded?

The transform runs locally. Consent-aware analytics may receive the mode, direction, output format, byte counts, character counts, duration, and an error code, but not the input, key, or output text. Local processing still does not make an unapproved secret appropriate to paste into a browser.

How This Tool Was Verified

Maintained and tested by Reviewed

Method: In Cipher Learning Workbench, the “Reproduce one exact UTF-8 repeating-key XOR vector” fixture was run without repairing or simplifying its input. We verified the transition from “Select the exact byte representation” to “Reverse with the same key and format”, compared the final artifact or values, and reviewed “Applying XOR to visible characters instead of UTF-8 bytes” plus “Mixing Hex and Base64 during decode” as non-success paths.

Expected result: The demo key produced Hex 0c0001030b451a00160909 and Base64 DAABAwtFGgAWCQk=, both decoded back to “hello world,” and the UI continued to identify repeating-key XOR as instructional rather than secure encryption.

Open the tested workflow

Related workflow guides

Use these focused guides when you need a practical workflow before opening the tool.

Related Tools

Continue with another maintained workflow

Browse All Tools