History

12 snapshots

Tracking since Apr 1, 2026.

View as table

Date	Users	Rating	Reviews	Version
Apr 1, 2026	53	—	—	1.0.1
Apr 19, 2026	58	—	—	1.0.1
Apr 29, 2026	60	—	—	1.0.1
May 4, 2026	50	—	—	1.1.0
May 9, 2026	51	—	—	1.1.0
May 16, 2026	37	—	—	1.1.0
May 20, 2026	41	—	—	1.1.0
May 25, 2026	38	—	—	1.1.0
May 29, 2026	39	—	—	1.1.0
Jun 3, 2026	37	—	—	1.1.0
Jun 8, 2026	35	—	—	1.1.0
Jun 14, 2026	44	—	—	1.1.0
Now	43	—	—	1.1.0

Changelog

Apr 29, 2026

description

Offline Pass is a self-service password manager that generates passwords for any host or URL deterministically using a master password without depending on any central server. In fact, no data is sent to any server. The extension works fully locally.

OfflinePass is a deterministic password manager that turns one Master Key
into a unique, secure password for every site — entirely in your browser.
No server. No vault. No sync. Lose your device and you can recover every
password on a fresh install just by remembering one phrase.

──────────────────────────────────────────
THE WHOLE ALGORITHM, ON ONE SCREEN
──────────────────────────────────────────

msg = "github.com" + "|" + "[email protected]" + "|2026|0"
mac = hmac-sha256(masterKey, msg)
password = base58(mac).slice(0, 16)
// → 0$87booSaeaKYnhgEq

That's it. Three inputs (host, identity, year), one HMAC-SHA256, base58
encoded and truncated to 16 characters. Same Master Key + same site +
same identity always produces the same password — on any device, on
any version, forever.

──────────────────────────────────────────
WHY OFFLINEPASS
──────────────────────────────────────────

• No server, ever
Every password is computed locally. Open the network tab and watch —
there are zero requests after the popup loads.

• Nothing to back up
No vault, no sync, no database. The only secret is your Master Key,
and only you remember it.

• Deterministic
Forget syncing across devices. Type the same Master Key on a fresh
install and you instantly recover every password.

• Audit the math, not us
HMAC-SHA256 + Base58. ~94 bits of entropy in the truncated output.
The whole thing is a few lines of TypeScript you can read in one
sitting. Source on GitHub: github.com/sireto/offlinepass

• Zero tracking
No analytics, no fingerprinting, no telemetry, no cookies you didn't
ask for. Apache 2.0 license, free for any use.

──────────────────────────────────────────
HOW TO USE IT
──────────────────────────────────────────

1. Click the OfflinePass icon (or press Ctrl/Cmd+Shift+F).
2. Type your Master Key.
3. The current site is filled in automatically; type your username.
4. The 16-character password appears in the result card. Click copy.

That's the whole flow. Same site, same identity, same Master Key →
the same password every time.

──────────────────────────────────────────
OPTIONAL: SAVE YOUR MASTER KEY WITH A PIN
──────────────────────────────────────────

If you don't want to retype your Master Key on every visit, you can
encrypt it locally with a PIN:

• Key derivation: PBKDF2-HMAC-SHA256, 250,000 iterations, 16-byte
random per-MSK salt.
• Cipher: AES-GCM with a 12-byte random IV. The auth tag is what tells
us a wrong PIN was entered — there is no separate hash to crib
against.
• Storage: localStorage on this device only. Nothing is synced or sent
over the network.

Enter the wrong PIN and the GCM auth tag fails — the ciphertext is
useless without it. PINs are short, so a long PIN (or no PIN at all)
is stronger; we explain the trade-off in SECURITY.md.

──────────────────────────────────────────
PERMISSIONS
──────────────────────────────────────────

This extension requests one permission:

• activeTab — used only to read the URL of the tab where you opened
the popup, so OfflinePass can pre-fill the host field. The URL never
leaves your browser.

──────────────────────────────────────────
PRIVACY
──────────────────────────────────────────

OfflinePass collects nothing. There is no analytics endpoint, no
fingerprinting, and no remote configuration. The extension makes zero
network requests after install. The full source is published under
Apache 2.0 — verify it yourself.

──────────────────────────────────────────
LINKS
──────────────────────────────────────────

• Source code: https://github.com/sireto/offlinepass
• Web app: https://offlinepass.com
• Security policy: https://github.com/sireto/offlinepass/blob/main/SECURITY.md
• License: Apache 2.0

Apr 29, 2026

short_description

Self Service Password Manager

Deterministic, client-side password manager. One Master Key — every password derived.

Apr 29, 2026
name
```
Offline Pass
```
```
OfflinePass
```
Apr 29, 2026
category
```
productivity/workflow
```
```
productivity/tools
```

Permissions & access

Permissions: activeTab
Host access: None declared

Screenshots

About