Comments on: Passlet: Ajax password manager with AES client-side encryption

By: John Hobbs

John Hobbs — Fri, 08 Dec 2006 08:29:16 +0000

BlowPass is an open source version of the same thing using the blowfish algorithm instead. It's still in development (it was created a little over 3 days ago actually) but it's already got a decent amount of functionality. Check Out The Demo @ http://static.velvetcache.org/projects/blowpass/demo/

By: VelvetCache.org » John Hobbs Blog » Blog Archive » Passlet.com

VelvetCache.org » John Hobbs Blog » Blog Archive » Passlet.com — Mon, 04 Dec 2006 21:58:17 +0000

[...] I saw on my Ajaxian feed today a neat service called Passlet. Essentially it is a password keeper, like KisKis or the one built into Firefox. The novelty here is that it uses JavaScript to handle all the encrypting and decrypting on the client side. That means no transmission of clear text information, not even over SSL. [...]

By: Passlet: Ajax password manager with AES client-side encryption :: Newstack

Passlet: Ajax password manager with AES client-side encryption :: Newstack — Sat, 02 Dec 2006 08:06:29 +0000

[...] Read more: here [...]

By: Jason Kichline

Jason Kichline — Fri, 01 Dec 2006 22:09:22 +0000

It looks like the system does not use asynchronous processing at all which creates some poor performance when submitting this information. The browser interface becomes unresposnse.

By: Morgan Roderick

Morgan Roderick — Thu, 30 Nov 2006 15:53:37 +0000

Related
For “insecure” passwords on websites, i use the passwdlet

http://labs.zarate.org/passwd/

It’s “only” md5, but at least the generated passwords are seemingly random and requires some effort to crack.

Neat thing is that it doesn’t require anything from a server :)

By: murphy

murphy — Thu, 30 Nov 2006 14:32:39 +0000

i think this is a nice idea. We need only example how to implement it on own sites ;)

By: Trevor

Trevor — Thu, 30 Nov 2006 10:08:18 +0000

Garcia stated an opinion in response, rather than pummeling you with a fire hose. Chill.

By: Don Park

Don Park — Wed, 29 Nov 2006 22:39:10 +0000

Garcia, what I am saying applies to not only the web but to real life. But I still wouldn’t make the ridiculous leap of logic you made because requiring zero risk is as vain as requiring perfection. BTW, I am just stating my opinion, not burning someone’s house down. Chill.

By: Garcia

Garcia — Wed, 29 Nov 2006 20:02:09 +0000

Basically what you are saying applies to any content you can get through the web, ergo your corolary is that you shouldnt trust anything that you do online whatsoever.

By: Don Park

Don Park — Wed, 29 Nov 2006 19:22:45 +0000

Unfortunately, Host-Proof Hosting pattern is unsafe as-is because it still relies on script sent from the server. If hackers can steal server-side data, encrypted or not, hackers can poison *.js files containing the script that runs on the client-side. The pattern also requires strong anti-phishing protection. Frankly, I don’t think any of the anti-phishing solutions out there is strong enough protection to guard universal password.