December 4, 2006

I saw on my Ajaxian feed today a neat service called Passlet. Essentially it is a password keeper, like KisKis or the one built into Firefox. The novelty here is that it uses JavaScript to handle all the encrypting and decrypting on the client side. That means no transmission of clear text information, not even over SSL.

I happily admit I’d been thinking about this concept for at least 4 months. See, I liked KisKis a lot. It was Java, used good, solid encryption and had a nice interface. Problem was, it’s hard to keep my thumb drive version synced to my box versions, and I rarely remembered to anyway. So I thought, why not make a web based password keeper that used JavaScript to keep it secure?

The result was BlowPass which uses a JavaScript implementation of the Blowfish cipher. I was working on the Ajax stuff when I got frustrated with mootools and left it alone. It has several key weaknesses, and I suppose I could learn from Passlet, but, I may as well just use it instead of finishing BlowPass. If you want the source to BlowPass leave me a note. Thats my GPL disclaimer since the Blowfish implementation was GPL’d.

Update (01/11/07)
BlowPass is semi-active now, you can get more information and try it out at It’s still a rather raw version though. If you aren’t concerned about the “open-source” aspect (e.g. don’t want to host it and mod it yourself) I’d go use passlet or passpack.


  1. Tara says:

    Passlet is well done. It seems like the idea was in the air, because a few online password managers sprout up all around the same time, all based on the Host-Proof Hosting pattern. We were building PassPack when I saw the article come out on Passlet over at Ajaxian, also saw a comment for BlowPass… was that you? Anyway, good luck to you and cheers.

  2. […] I thought that I had moved past BlowPass. I guess I was wrong. I’ve been spending every spare moment working on it. I found what I […]

Leave A Comment

Your email will not be published.