Hello everyone,
I’ve been tired of paying $60/year just to securely share Netflix and WiFi passwords with my family. I wanted to build a lightweight, secure alternative that runs entirely on the Edge and is only $5 per year!
Here is how I built EazyPasswords, a Zero-Knowledge vault that costs me almost nothing to run, thanks to the modern serverless stack.
The Stack
I wanted instant load times and zero cold starts, so I avoided traditional containers.
Backend: Hono running on Cloudflare Workers.
Database: Cloudflare D1 (SQLite at the Edge).
Frontend: Vanilla JS (hosted on Cloudflare Pages).
Crypto: Native Web Crypto API (window.crypto.subtle).
The Architecture: True Zero-Knowledge
The biggest challenge was ensuring I (the server admin) could never see the user's data.
Here is the flow I implemented:
Registration: The client generates a random Salt. The Master Password is hashed with PBKDF2 (100k iterations). We derive an AuthKey (sent to server) and a MasterKey (kept in memory).
Encryption: Before any data leaves the browser, it is encrypted using AES-GCM (256-bit) with the MasterKey.
Storage: The server receives a JSON payload of iv and ciphertext. D1 stores this blob. It has no idea what it contains.
The "Visual Dead Drop" (QR Sharing)
This is the feature I'm most proud of. I wanted to share passwords without sending the decryption key over the network (which is a common attack vector).
I built a Visual Dead Drop system:
Sender: Client generates a random, ephemeral AES key.
Encrypt: The password blob is encrypted with this ephemeral key and uploaded to D1.
The Trick: The ephemeral key is NOT sent to the server. Instead, it is encoded into a QR Code string displayed on the sender's screen.
Receiver: Scans the QR code. Their device extracts the key from the image, fetches the blob from D1, and decrypts it locally.
The server holds the lock, but the key exists only in the physical world (on the screen).
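The Visual Dead Drop exchange described above, sketched with the Web Crypto API as an added example (this is not EazyPasswords' own code). The function names, the hex encoding of the QR string and the sample secret are assumptions; the upload to D1 is represented by the returned `upload` object.

```javascript
// Added example: function names and the hex QR-string format are assumptions.
async function getCrypto() {
  // Browsers and recent Node expose globalThis.crypto; older Node needs the import.
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}
const toHex = (buf) =>
  [...new Uint8Array(buf)].map((b) => b.toString(16).padStart(2, '0')).join('');
const fromHex = (s) => Uint8Array.from(s.match(/../g), (h) => parseInt(h, 16));

// Sender: a fresh AES-256-GCM key per drop, so a leaked QR code exposes one secret only.
async function createDrop(secret) {
  const c = await getCrypto();
  const key = await c.subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt']);
  const iv = c.getRandomValues(new Uint8Array(12)); // 96-bit nonce, never reused with this key
  const ct = await c.subtle.encrypt({ name: 'AES-GCM', iv }, key, new TextEncoder().encode(secret));
  return {
    upload: { iv: toHex(iv), ciphertext: toHex(ct) },  // the only data the server stores
    qr: toHex(await c.subtle.exportKey('raw', key)),   // rendered on screen, never uploaded
  };
}

// Receiver: key comes from the scanned QR string, blob comes from the server.
async function openDrop(qr, blob) {
  const c = await getCrypto();
  // Import as non-extractable and decrypt-only: scripts cannot read the key back out.
  const key = await c.subtle.importKey('raw', fromHex(qr), { name: 'AES-GCM' }, false, ['decrypt']);
  const pt = await c.subtle.decrypt(
    { name: 'AES-GCM', iv: fromHex(blob.iv) }, key, fromHex(blob.ciphertext));
  return new TextDecoder().decode(pt); // decrypt() throws if the GCM tag does not verify
}

async function demo() {
  const { upload, qr } = await createDrop('constructed-wifi-password'); // constructed sample
  const recovered = await openDrop(qr, upload);
  // Simulate a server that alters the stored blob: change the first ciphertext byte.
  const flipped = (upload.ciphertext[0] === '0' ? '1' : '0') + upload.ciphertext.slice(1);
  const rejected = await openDrop(qr, { ...upload, ciphertext: flipped })
    .then(() => false, () => true);
  return { recovered, rejected, serverSees: Object.keys(upload) };
}

demo().then((r) => console.log(r));
```

The tampered blob is rejected because AES-GCM authenticates the ciphertext, so a modified row in the database fails to decrypt instead of yielding altered plaintext.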
Why Cloudflare D1?
For a side project, cost is everything. D1 allows for millions of reads/writes for free. This architecture allows me to offer a Free Family Plan to users because my overhead is practically zero.
I need your feedback (Beta)
I am currently in Open Beta. Since I'm a backend engineer, my UI skills aren't perfect, but the crypto engine is solid.
I’m looking for developers to stress-test the encryption speed and the QR code scanning across different devices.
And if you have any questions about something you don't get, feel free to ask.
You can try it here: Eazypasswords
(If you sign up during the beta, you get the Family Plan for free forever as a thank you for testing).