AJAX Password Manager With AES Client-Side Encryption


Passlet, currently in its beta stage, is an online password manager. Unlike other password managers, it does not require you to disclose your master password to anyone, including its own server. This is done by performing all encryption and decryption operations exclusively within your browser.

Passlet uses the strongest form of encryption, the Advanced Encryption Standard (AES). This encryption is performed completely within your browser. It uses the industry-standard key derivation function PBKDF2 (cf. RFC 2898) to obtain a 128-bit AES key from your master password. This key derivation is also performed completely within your browser.

Once your passwords are stored, Passlet's unique approach lets you access them from any browser in the world while at the same time making your information impossible to read outside that browser. It does this by performing all encryption and decryption operations within the browser itself, making sure that your password and derived encryption key never leave your computer. It is therefore imperative that you use a trusted computer to access Passlet.

There are other services, too, that offer online password management:

Agatra: Agatra securely organizes your passwords for sites you routinely log into. It even logs you in to a lot of them automatically. You can use Agatra from any computer with an internet connection, not just your personal computer. Agatra takes you directly to the information you care about.

It uses the Blowfish symmetric block cipher encryption technology. It's so secure that not even employees of Agatra can gain access to your passwords. It is actually using an AES SSL certificate for all pages that require or display sensitive information. All of our other pages use alternative forms of security to validate a user's identity.

Halfnote: a (very) simple notepad you can access from anywhere. Once you create an account, your stuff will be encrypted using your password. This means that when I'm feeling nosey and poking around the database, I won't be able to read your secret plans. Huzzah!

Parvez Anandam, the author of Passlet, points out: "Agatra does not encrypt and decrypt passwords locally, whereas Passlet does. All AES encryption and decryption is done completely client-side. The server does not ever see the master password. Passlet uses the key derivation function PBKDF2 (c.f. RFC 2898) to derive a 128-bit AES key from the master password. I believe this is the first and only JavaScript implementation of this key derivation." Another website along these lines is Halfnote.

Passlet follows the Host-Proof Hosting pattern more closely than Agatra and Halfnote. Parvez says: "While I was reading it, I couldn't help but smile: your design pattern is a generalization of what I was thinking in the specific context of a password manager. And now you have a real-world example of this design pattern!"

Parvez Anandam has developed a JavaScript implementation of “Password-Based Key Derivation Function 2 (PBKDF2)”. Here is what it says:

“It is often necessary to derive an encryption key from a password. Passwords are easy for humans to remember whereas keys are needed in encryption schemes. A standard mechanism for performing a key derivation is given in RFC 2898.

With the rise of AJAX, more powerful browser software is the norm. In the near future, it is likely that JavaScript-based encryption will find broad use. A JavaScript implementation of the password-based key derivation function 2 (PBKDF2) from RFC 2898 is presented here for use in such applications. The source code is available under the BSD license. It makes use of the excellent SHA-1 JavaScript library by Paul Johnston.”

Download the source code | Demo
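The flow described above (PBKDF2 per RFC 2898 deriving a 128-bit AES key from the master password, then encrypting client-side so the server only stores ciphertext), as an added example that is not Passlet's or Parvez Anandam's code. Assumptions: it runs under Node.js with the built-in `crypto` module standing in for browser code, and the AES-GCM mode, salt size, iteration count and the names `pbkdf2Sha1`, `seal` and `unseal` are illustrative choices, not taken from Passlet.

```javascript
// Added example, not Passlet's code. Node's built-in crypto module stands in
// for the browser-side SHA-1 and AES code; GCM mode is an assumption.
const nodeCrypto = require("crypto");

// PBKDF2 (RFC 2898) with HMAC-SHA1 as the pseudorandom function.
function pbkdf2Sha1(password, salt, iterations, dkLen) {
  const hLen = 20; // SHA-1 output size in bytes
  const blocks = [];
  for (let i = 1; i <= Math.ceil(dkLen / hLen); i++) {
    const idx = Buffer.alloc(4);
    idx.writeUInt32BE(i, 0); // INT(i): big-endian block index
    // U_1 = PRF(P, S || INT(i)), U_j = PRF(P, U_{j-1}), T_i = U_1 ^ ... ^ U_c
    let u = nodeCrypto.createHmac("sha1", password).update(salt).update(idx).digest();
    const t = Buffer.from(u);
    for (let j = 1; j < iterations; j++) {
      u = nodeCrypto.createHmac("sha1", password).update(u).digest();
      for (let k = 0; k < hLen; k++) t[k] ^= u[k];
    }
    blocks.push(t);
  }
  return Buffer.concat(blocks).subarray(0, dkLen);
}

// Client side: derive a 128-bit key and encrypt one entry. Only the returned
// record goes to the server; the master password and key stay in the client.
function seal(masterPassword, plaintext, iterations = 10000) {
  const salt = nodeCrypto.randomBytes(16); // per-record salt (assumed size)
  const iv = nodeCrypto.randomBytes(12);
  const key = pbkdf2Sha1(masterPassword, salt, iterations, 16);
  const c = nodeCrypto.createCipheriv("aes-128-gcm", key, iv);
  const ct = Buffer.concat([c.update(plaintext, "utf8"), c.final()]);
  return { iterations, salt: salt.toString("hex"), iv: iv.toString("hex"),
           ct: ct.toString("hex"), tag: c.getAuthTag().toString("hex") };
}

// Client side: re-derive the key from the typed password and decrypt.
// A wrong password yields a wrong key, so the GCM tag check in final() throws.
function unseal(masterPassword, rec) {
  const hex = (s) => Buffer.from(s, "hex");
  const key = pbkdf2Sha1(masterPassword, hex(rec.salt), rec.iterations, 16);
  const d = nodeCrypto.createDecipheriv("aes-128-gcm", key, hex(rec.iv));
  d.setAuthTag(hex(rec.tag));
  return Buffer.concat([d.update(hex(rec.ct)), d.final()]).toString("utf8");
}
```

The record returned by `seal` is everything the server would hold: salt, iteration count, IV, ciphertext and tag, none of which reveal the master password or the derived key.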

Passlet | Agatra | Halfnote

ajaxian
