diff --git a/doc/LICENSE.md b/doc/LICENSE.md
index 9818518..f2e1d01 100644
--- a/doc/LICENSE.md
+++ b/doc/LICENSE.md
@@ -152,10 +152,18 @@ Both came with the following license:
 > OTHER DEALINGS IN THE FONT SOFTWARE.
 
 
-Javascript MD5 Library
+JavaScript xxtea library
 ======================
 
-Obtained from <https://github.com/blueimp/JavaScript-MD5>, which says:
+Obtained from <http://www.movable-type.co.uk/scripts/tea-block.html>,
+which says:
 
-> The JavaScript MD5 script is released under the
-> [MIT license](http://www.opensource.org/licenses/MIT).
+> I offer these formulæ & scripts for free use and adaptation as my
+> contribution to the open-source info-sphere from which I have
+> received so much. You are welcome to re-use these scripts (under a
+> simple [attribution](http://creativecommons.org/licenses/by/3.0/)
+> license, without any warranty express or implied) provided solely
+> that you retain my copyright notice and a link to this page.
+
+Confusingly, the code itself says "MIT License". Both are compatible
+with the larger project, however.
\ No newline at end of file
diff --git a/www/res/md5.min.js b/www/res/md5.min.js
deleted file mode 100644
index 3399bf4..0000000
--- a/www/res/md5.min.js
+++ /dev/null
@@ -1,2 +0,0 @@
-!function(n){"use strict";function t(n,t){var r=(65535&n)+(65535&t),e=(n>>16)+(t>>16)+(r>>16);return e<<16|65535&r}function r(n,t){return n<<t|n>>>32-t}function e(n,e,o,u,c,f){return t(r(t(t(e,n),t(u,f)),c),o)}function o(n,t,r,o,u,c,f){return e(t&r|~t&o,n,t,u,c,f)}function u(n,t,r,o,u,c,f){return e(t&o|r&~o,n,t,u,c,f)}function c(n,t,r,o,u,c,f){return e(t^r^o,n,t,u,c,f)}function f(n,t,r,o,u,c,f){return e(r^(t|~o),n,t,u,c,f)}function i(n,r){n[r>>5]|=128<<r%32,n[(r+64>>>9<<4)+14]=r;var e,i,a,h,d,l=1732584193,g=-271733879,v=-1732584194,m=271733878;for(e=0;e<n.length;e+=16)i=l,a=g,h=v,d=m,l=o(l,g,v,m,n[e],7,-680876936),m=o(m,l,g,v,n[e+1],12,-389564586),v=o(v,m,l,g,n[e+2],17,606105819),g=o(g,v,m,l,n[e+3],22,-1044525330),l=o(l,g,v,m,n[e+4],7,-176418897),m=o(m,l,g,v,n[e+5],12,1200080426),v=o(v,m,l,g,n[e+6],17,-1473231341),g=o(g,v,m,l,n[e+7],22,-45705983),l=o(l,g,v,m,n[e+8],7,1770035416),m=o(m,l,g,v,n[e+9],12,-1958414417),v=o(v,m,l,g,n[e+10],17,-42063),g=o(g,v,m,l,n[e+11],22,-1990404162),l=o(l,g,v,m,n[e+12],7,1804603682),m=o(m,l,g,v,n[e+13],12,-40341101),v=o(v,m,l,g,n[e+14],17,-1502002290),g=o(g,v,m,l,n[e+15],22,1236535329),l=u(l,g,v,m,n[e+1],5,-165796510),m=u(m,l,g,v,n[e+6],9,-1069501632),v=u(v,m,l,g,n[e+11],14,643717713),g=u(g,v,m,l,n[e],20,-373897302),l=u(l,g,v,m,n[e+5],5,-701558691),m=u(m,l,g,v,n[e+10],9,38016083),v=u(v,m,l,g,n[e+15],14,-660478335),g=u(g,v,m,l,n[e+4],20,-405537848),l=u(l,g,v,m,n[e+9],5,568446438),m=u(m,l,g,v,n[e+14],9,-1019803690),v=u(v,m,l,g,n[e+3],14,-187363961),g=u(g,v,m,l,n[e+8],20,1163531501),l=u(l,g,v,m,n[e+13],5,-1444681467),m=u(m,l,g,v,n[e+2],9,-51403784),v=u(v,m,l,g,n[e+7],14,1735328473),g=u(g,v,m,l,n[e+12],20,-1926607734),l=c(l,g,v,m,n[e+5],4,-378558),m=c(m,l,g,v,n[e+8],11,-2022574463),v=c(v,m,l,g,n[e+11],16,1839030562),g=c(g,v,m,l,n[e+14],23,-35309556),l=c(l,g,v,m,n[e+1],4,-1530992060),m=c(m,l,g,v,n[e+4],11,1272893353),v=c(v,m,l,g,n[e+7],16,-155497632),g=c(g,v,m,l,n[e+10],23,-1094730640),l=c(l,g,v,m,n[e+13],4,681279174),m=c(m,l,g,v,n[e],11,-358537222),v=c(v,m,l,g,n[e+3],16,-722521979),g=c(g,v,m,l,n[e+6],23,76029189),l=c(l,g,v,m,n[e+9],4,-640364487),m=c(m,l,g,v,n[e+12],11,-421815835),v=c(v,m,l,g,n[e+15],16,530742520),g=c(g,v,m,l,n[e+2],23,-995338651),l=f(l,g,v,m,n[e],6,-198630844),m=f(m,l,g,v,n[e+7],10,1126891415),v=f(v,m,l,g,n[e+14],15,-1416354905),g=f(g,v,m,l,n[e+5],21,-57434055),l=f(l,g,v,m,n[e+12],6,1700485571),m=f(m,l,g,v,n[e+3],10,-1894986606),v=f(v,m,l,g,n[e+10],15,-1051523),g=f(g,v,m,l,n[e+1],21,-2054922799),l=f(l,g,v,m,n[e+8],6,1873313359),m=f(m,l,g,v,n[e+15],10,-30611744),v=f(v,m,l,g,n[e+6],15,-1560198380),g=f(g,v,m,l,n[e+13],21,1309151649),l=f(l,g,v,m,n[e+4],6,-145523070),m=f(m,l,g,v,n[e+11],10,-1120210379),v=f(v,m,l,g,n[e+2],15,718787259),g=f(g,v,m,l,n[e+9],21,-343485551),l=t(l,i),g=t(g,a),v=t(v,h),m=t(m,d);return[l,g,v,m]}function a(n){var t,r="",e=32*n.length;for(t=0;e>t;t+=8)r+=String.fromCharCode(n[t>>5]>>>t%32&255);return r}function h(n){var t,r=[];for(r[(n.length>>2)-1]=void 0,t=0;t<r.length;t+=1)r[t]=0;var e=8*n.length;for(t=0;e>t;t+=8)r[t>>5]|=(255&n.charCodeAt(t/8))<<t%32;return r}function d(n){return a(i(h(n),8*n.length))}function l(n,t){var r,e,o=h(n),u=[],c=[];for(u[15]=c[15]=void 0,o.length>16&&(o=i(o,8*n.length)),r=0;16>r;r+=1)u[r]=909522486^o[r],c[r]=1549556828^o[r];return e=i(u.concat(h(t)),512+8*t.length),a(i(c.concat(e),640))}function g(n){var t,r,e="0123456789abcdef",o="";for(r=0;r<n.length;r+=1)t=n.charCodeAt(r),o+=e.charAt(t>>>4&15)+e.charAt(15&t);return o}function v(n){return unescape(encodeURIComponent(n))}function m(n){return d(v(n))}function p(n){return g(m(n))}function s(n,t){return l(v(n),v(t))}function C(n,t){return g(s(n,t))}function A(n,t,r){return t?r?s(t,n):C(t,n):r?m(n):p(n)}"function"==typeof define&&define.amd?define(function(){return A}):"object"==typeof module&&module.exports?module.exports=A:n.md5=A}(this);
-//# sourceMappingURL=md5.min.js.map
diff --git a/www/res/xxtea.js b/www/res/xxtea.js
new file mode 100644
index 0000000..05d21fd
--- /dev/null
+++ b/www/res/xxtea.js
@@ -0,0 +1,208 @@
+/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  */
+/*  Block TEA (xxtea) Tiny Encryption Algorithm         (c) Chris Veness 2002-2014 / MIT Licence  */
+/*   - www.movable-type.co.uk/scripts/tea-block.html                                              */
+/*                                                                                                */
+/*  Algorithm: David Wheeler & Roger Needham, Cambridge University Computer Lab                   */
+/*             http://www.cl.cam.ac.uk/ftp/papers/djw-rmn/djw-rmn-tea.html (1994)                 */
+/*             http://www.cl.cam.ac.uk/ftp/users/djw3/xtea.ps (1997)                              */
+/*             http://www.cl.cam.ac.uk/ftp/users/djw3/xxtea.ps (1998)                             */
+/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  */
+
+'use strict';
+
+
+/**
+ * Tiny Encryption Algorithm
+ *
+ * @namespace
+ */
+var Tea = {};
+
+
+/**
+ * Encrypts text using Corrected Block TEA (xxtea) algorithm.
+ *
+ * @param   {string} plaintext - String to be encrypted (multi-byte safe).
+ * @param   {string} password - Password to be used for encryption (1st 16 chars).
+ * @returns {string} Encrypted text (encoded as base64).
+ */
+Tea.encrypt = function(plaintext, password) {
+    plaintext = String(plaintext);
+    password = String(password);
+
+    if (plaintext.length == 0) return('');  // nothing to encrypt
+
+    //  v is n-word data vector; converted to array of longs from UTF-8 string
+    var v = Tea.strToLongs(plaintext.utf8Encode());
+    //  k is 4-word key; simply convert first 16 chars of password as key
+    var k = Tea.strToLongs(password.utf8Encode().slice(0,16));
+
+    v = Tea.encode(v, k);
+
+    // convert array of longs to string
+    var ciphertext = Tea.longsToStr(v);
+
+    // convert binary string to base64 ascii for safe transport
+    return ciphertext.base64Encode();
+};
+
+
+/**
+ * Decrypts text using Corrected Block TEA (xxtea) algorithm.
+ *
+ * @param   {string} ciphertext - String to be decrypted.
+ * @param   {string} password - Password to be used for decryption (1st 16 chars).
+ * @returns {string} Decrypted text.
+ */
+Tea.decrypt = function(ciphertext, password) {
+    ciphertext = String(ciphertext);
+    password = String(password);
+
+    if (ciphertext.length == 0) return('');
+
+    //  v is n-word data vector; converted to array of longs from base64 string
+    var v = Tea.strToLongs(ciphertext.base64Decode());
+    //  k is 4-word key; simply convert first 16 chars of password as key
+    var k = Tea.strToLongs(password.utf8Encode().slice(0,16));
+
+    v = Tea.decode(v, k);
+
+    var plaintext = Tea.longsToStr(v);
+
+    // strip trailing null chars resulting from filling 4-char blocks:
+    plaintext = plaintext.replace(/\0+$/,'');
+
+    return plaintext.utf8Decode();
+};
+
+
+/**
+ * XXTEA: encodes array of unsigned 32-bit integers using 128-bit key.
+ *
+ * @param   {number[]} v - Data vector.
+ * @param   {number[]} k - Key.
+ * @returns {number[]} Encoded vector.
+ */
+Tea.encode = function(v, k) {
+    if (v.length < 2) v[1] = 0;  // algorithm doesn't work for n<2 so fudge by adding a null
+    var n = v.length;
+
+    var z = v[n-1], y = v[0], delta = 0x9E3779B9;
+    var mx, e, q = Math.floor(6 + 52/n), sum = 0;
+
+    while (q-- > 0) {  // 6 + 52/n operations gives between 6 & 32 mixes on each word
+        sum += delta;
+        e = sum>>>2 & 3;
+        for (var p = 0; p < n; p++) {
+            y = v[(p+1)%n];
+            mx = (z>>>5 ^ y<<2) + (y>>>3 ^ z<<4) ^ (sum^y) + (k[p&3 ^ e] ^ z);
+            z = v[p] += mx;
+        }
+    }
+
+    return v;
+};
+
+
+/**
+ * XXTEA: decodes array of unsigned 32-bit integers using 128-bit key.
+ *
+ * @param   {number[]} v - Data vector.
+ * @param   {number[]} k - Key.
+ * @returns {number[]} Decoded vector.
+ */
+Tea.decode = function(v, k) {
+    var n = v.length;
+
+    var z = v[n-1], y = v[0], delta = 0x9E3779B9;
+    var mx, e, q = Math.floor(6 + 52/n), sum = q*delta;
+
+    while (sum != 0) {
+        e = sum>>>2 & 3;
+        for (var p = n-1; p >= 0; p--) {
+            z = v[p>0 ? p-1 : n-1];
+            mx = (z>>>5 ^ y<<2) + (y>>>3 ^ z<<4) ^ (sum^y) + (k[p&3 ^ e] ^ z);
+            y = v[p] -= mx;
+        }
+        sum -= delta;
+    }
+
+    return v;
+};
+
+
+/**
+ * Converts string to array of longs (each containing 4 chars).
+ * @private
+ */
+Tea.strToLongs = function(s) {
+    // note chars must be within ISO-8859-1 (Unicode code-point <= U+00FF) to fit 4/long
+    var l = new Array(Math.ceil(s.length/4));
+    for (var i=0; i<l.length; i++) {
+        // note little-endian encoding - endianness is irrelevant as long as it matches longsToStr()
+        l[i] = s.charCodeAt(i*4)        + (s.charCodeAt(i*4+1)<<8) +
+              (s.charCodeAt(i*4+2)<<16) + (s.charCodeAt(i*4+3)<<24);
+    }
+    return l; // note running off the end of the string generates nulls since bitwise operators
+};            // treat NaN as 0
+
+
+/**
+ * Converts array of longs to string.
+ * @private
+ */
+Tea.longsToStr = function(l) {
+    var a = new Array(l.length);
+    for (var i=0; i<l.length; i++) {
+        a[i] = String.fromCharCode(l[i] & 0xFF, l[i]>>>8 & 0xFF, l[i]>>>16 & 0xFF, l[i]>>>24 & 0xFF);
+    }
+    return a.join('');  // use Array.join() for better performance than repeated string appends
+};
+
+
+/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  */
+
+
+/** Extend String object with method to encode multi-byte string to utf8
+ *  - monsur.hossa.in/2012/07/20/utf-8-in-javascript.html */
+if (typeof String.prototype.utf8Encode == 'undefined') {
+    String.prototype.utf8Encode = function() {
+        return unescape( encodeURIComponent( this ) );
+    };
+}
+
+/** Extend String object with method to decode utf8 string to multi-byte */
+if (typeof String.prototype.utf8Decode == 'undefined') {
+    String.prototype.utf8Decode = function() {
+        try {
+            return decodeURIComponent( escape( this ) );
+        } catch (e) {
+            return this; // invalid UTF-8? return as-is
+        }
+    };
+}
+
+
+/** Extend String object with method to encode base64
+ *  - developer.mozilla.org/en-US/docs/Web/API/window.btoa, nodejs.org/api/buffer.html
+ *  note: if btoa()/atob() are not available (eg IE9-), try github.com/davidchambers/Base64.js */
+if (typeof String.prototype.base64Encode == 'undefined') {
+    String.prototype.base64Encode = function() {
+        if (typeof btoa != 'undefined') return btoa(this); // browser
+        if (typeof Buffer != 'undefined') return new Buffer(this, 'binary').toString('base64'); // Node.js
+        throw new Error('No Base64 Encode');
+    };
+}
+
+/** Extend String object with method to decode base64 */
+if (typeof String.prototype.base64Decode == 'undefined') {
+    String.prototype.base64Decode = function() {
+        if (typeof atob != 'undefined') return atob(this); // browser
+        if (typeof Buffer != 'undefined') return new Buffer(this, 'base64').toString('binary'); // Node.js
+        throw new Error('No Base64 Decode');
+    };
+}
+
+
+/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  */
+if (typeof module != 'undefined' && module.exports) module.exports = Tea; // CommonJS export