I saw on my Ajaxian feed today a neat service called Passlet. Essentially it is a password keeper, like KisKis or the one built into Firefox. The novelty here is that it uses JavaScript to handle all the encrypting and decrypting on the client side. That means no transmission of clear text information, not even over SSL.

I happily admit I’d been thinking about this concept for at least 4 months. See, I liked KisKis a lot. It was Java, used good, solid encryption and had a nice interface. Problem was, it’s hard to keep my thumb drive version synced to my box versions, and I rarely remembered to anyway. So I thought, why not make a web based password keeper that used JavaScript to keep it secure?

The result was BlowPass which uses a JavaScript implementation of the Blowfish cipher. I was working on the Ajax stuff when I got frustrated with mootools and left it alone. It has several key weaknesses, and I suppose I could learn from Passlet, but, I may as well just use it instead of finishing BlowPass. If you want the source to BlowPass leave me a note. Thats my GPL disclaimer since the Blowfish implementation was GPL’d.

Posted December 4th, 2006 - Permalink
Categories: BlowPass - Internet - JavaScript - Open Source - PHP - Projects - Security
You can leave a comment, or trackback from your own site.

One Response to “Passlet.com”

1. Tara Says:
   January 11th, 2007 at 4:56 am

   Passlet is well done. It seems like the idea was in the air, because a few online password managers sprout up all around the same time, all based on the Host-Proof Hosting pattern. We were building PassPack when I saw the article come out on Passlet over at Ajaxian, also saw a comment for BlowPass… was that you? Anyway, good luck to you and cheers.