by vrikis 4350 days ago
I'm not sure if I quite understand this - so you're hashing the pass-phrase+doorID, and then storing that? Doesn't that mean that the hashed, well, generated password is always the same, regardless of which website you are on?

I like the idea of supergenpass, as it's creating unique passwords on a website basis as it's hashing a password+URL to create unique website passwords.

Maybe I've misunderstood this though.

2 comments

I think the idea is that you choose a unique door id for every website, something you can easily remember.

It's also a deterministic (but difficult to reverse, I assume) algorithm, so it doesn't ever store anything, you just regenerate the password to "look it up".

The password is essentially hash(passphrase + door id). Which means, nothing is stored, because both of those are inputs to the program. At least that's how I understood it.

But what I don't understand is, if the password is never stored, how can you allow for logins, etc.? I mean, there must be a way of comparison, or something? I think perhaps I'm having a brain melt, or I'm misunderstanding this completely. To me, this looks like it's creating a password from hashing the pass-phrase and doorID, but that just then generates another password...

He will count the same hash(passphrase + door id) again.
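An added example, not part of the thread and not the tool's own code: it shows both sides of the scheme discussed above, with the generator storing nothing and the website keeping only its own salted verifier to compare against at login. PBKDF2 stands in for the thread's `hash()` as an assumption, and `generate_password`, `Website`, the door ids and the passphrase are hypothetical names and constructed values.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; the thread does not name one


def generate_password(passphrase: str, door_id: str, length: int = 16) -> str:
    """Generator side: recompute the site password on demand, store nothing."""
    # Assumption: PBKDF2 keyed by passphrase, salted by door id, replaces hash(a + b).
    raw = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), door_id.encode(), ITERATIONS)
    return base64.urlsafe_b64encode(raw).decode()[:length]


class Website:
    """Site side: never sees the passphrase, keeps a salted hash of the password."""

    def __init__(self):
        self.users = {}  # username -> (salt, verifier)

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        verifier = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
        self.users[user] = (salt, verifier)

    def login(self, user: str, password: str) -> bool:
        if user not in self.users:
            return False
        salt, verifier = self.users[user]
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
        return hmac.compare_digest(verifier, candidate)  # constant-time comparison


def demo() -> dict:
    passphrase = "correct horse battery staple"  # constructed sample value
    shop, mail = Website(), Website()
    shop.register("alice", generate_password(passphrase, "shop"))
    mail.register("alice", generate_password(passphrase, "mail"))
    return {
        # Regenerating with the same inputs logs in without any local storage.
        "regenerated": shop.login("alice", generate_password(passphrase, "shop")),
        # A different door id yields a different password, so it fails here.
        "wrong_door": shop.login("alice", generate_password(passphrase, "mail")),
        "deterministic": generate_password(passphrase, "shop")
        == generate_password(passphrase, "shop"),
    }


if __name__ == "__main__":
    print(demo())
```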