[empressplay]

Some of the "common passwords" listed in the javascript are a hoot!

That said it looks like it does it all client-side (but I'm not 100% sure -- could we get a confirmation on that?)