Along with the S3 stuff I'm poking at in AJAX, I'd like to retain the user's key ID and secret for S3 locally so that it doesn't need to be reentered all the time or stuck into constants on a server-held file. But, I don't want to stick it into cookies or anything that will go over the wire - since the whole point of the HMAC authentication is to prevent that from happening.
I've looked at AMASS, but it appears to be broken on Mac - which is a non-starter for me on my PowerBook. I'm wondering if there's any other practical way to retain a pair of strings locally across browsers for an AJAX app. Because, beyond just that bit of local storage requirement, I've got entire vistas of persistence available on S3.
I suppose I could stick the credentials in a cookie, then further encrypt them with a friendlier username / passphrase. The main issue I see with constantly reentering the credentials is that they're these big honking strings that I'll never be able to remember like a username and password.