CongoSky Skunkworks
Real AES-256-GCM, running in your browser via WebCrypto (no hand-rolled crypto — the spine stands on vetted primitives). Edit one character of the message: half the ciphertext bits flip. That's the avalanche — a tiny input change spreads everywhere, so ciphertext leaks nothing about the plaintext. Then try tampering with the ciphertext and watch it refuse to decrypt: that's the “authenticated” in authenticated encryption.
GCM gives confidentiality + integrity in one: a 128-bit authentication tag means any change to the ciphertext (or wrong key) is rejected — decryption fails closed, it doesn't return garbage. This is exactly the property the encryption proof demonstrates (there with a teaching-grade composition; here with the browser's audited AES). Same lesson: tamper + wrong-key are caught, not silently passed.