
Two Types of Passwords - w8rbt
https://github.com/w8rbt/dpg/blob/master/password_types.md
======
ggm
I am tempted to say I "like" this, but danger lurks in amateurs discussing
aspects of cryptography. I would want to see a discussion led by people in the
field, about the merits of this approach.

It _looks_ like the author avoids sharing even super-encrypted state outside
of the locally strong-store box, and has made an architectural decision to
segment passwords/phrases into two: the ones which get onto the strong box you
hold, and the ones you send over the wire to log in to systems.

But, what worries me is the implied uniqueness of the derived strings: if a
family of things share xxxx-yyy-zzz-<unique> then the functionally unique
input to the PRNG or whatever mix he used to generate the string, is the
length of <unique> and there is a large component of input which is shared
with other things: in my weak understanding of crypto, this is traditionally
held to be a weakness: the apparent length of uniqueness is not as long as it
looks, and loss of even one of these tokens may reveal facts about the seed
data.

TL;DR want to see competent cryptography on the products of this scheme and
the impact of the <common-prefix> <unique> inputs to the produced passwords.

