passwdapp / passwd

A beautiful, cross-platform, encrypted password manager 🔐
https://kutt.it/passwd
GNU General Public License v3.0

Feature: Add the MasterPassword pass derivation algorithm #4

Open Atrate opened 4 years ago

Atrate commented 4 years ago

The MasterPassword algorithm is a password derivation algorithm that uses a single master password (and the site URL + a counter) in order to generate unique, but reproducible passwords without the need to store them.

Since there are no secure (with encrypted storage) and nice-looking apps utilizing that algorithm, I personally think that passwd could include it as another method of generating passwords, alongside Diceware and the random method.

https://masterpassword.app/masterpassword-algorithm.pdf https://gitlab.com/MasterPassword/MasterPassword

gargakshit commented 4 years ago

Hey Atrate, first of all thanks for the feature request.

So from what I understood, this is like HOTP for a password (instead of a 2FA OTP) 🤔 Please correct me if I am wrong here.

PS: I am still reading the document, and will reply as soon as I am finished. From what I have read till now, this seems to be implementable.

gargakshit commented 4 years ago

Also, I wanted to know which sites support that algorithm (just out of curiosity)

Atrate commented 4 years ago

> Also, I wanted to know which sites support that algorithm (just out of curiosity)

It is not website-dependent. It simply generates passwords from a set of variables (master password, website name, counter). If the user provides the same variables on e.g. another device, the generated password will be the same.

A non-technical information sheet can be found here: https://masterpassword.app/how/

gargakshit commented 4 years ago

> > Also, I wanted to know which sites support that algorithm (just out of curiosity)
>
> It is not website-dependent. It simply generates passwords from a set of variables (master password, website name, counter). If the user provides the same variables on e.g. another device, the generated password will be the same.
>
> A non-technical information sheet can be found here: https://masterpassword.app/how/

It needs the name to generate the layer 1 (the key). So I guess I will implement this after completing sync, as I will request the user's email and backup password to login and decrypt the backup.

gargakshit commented 4 years ago

So the counter is the number of times you have changed your password (to get a unique password).

Atrate commented 3 years ago

MasterPassword has changed its name to Spectre: https://spectre.app/

gargakshit commented 3 years ago

I think their design goals are different from our design goals. Also for that algorithm, we would need to enable sync (which is currently self hosted only)

Atrate commented 3 years ago

> Also for that algorithm, we would need to enable sync

Spectre/MPW is stateless, it doesn't really need any kind of synchronisation
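The derivation discussed in this thread, as an added example (not code from passwd or from the MasterPassword/Spectre project). It follows the v3 algorithm as described in the PDF linked in the opening comment; the scope string, scrypt parameters, templates and character-class tables are transcribed from that description rather than copied from the project, and the sample name, master password and site are constructed, so check the output against the project's published test vectors before relying on it. It is laid out as the layers the comments touch on: the user's name feeds the master key (the "layer 1" mentioned above), the site name and counter feed the site key, and a template step turns that key into the password, with nothing stored between runs.

```python
"""MasterPassword / Spectre v3 derivation, written out layer by layer.

Added example, not code from passwd or from the MasterPassword project.
Constants and tables are transcribed from the v3 algorithm description
(assumed correct; verify against the project's test vectors).
"""
import hashlib
import hmac
import struct

SCOPE = b"com.lyndir.masterpassword"  # v3 authentication scope

# Character classes referenced by the templates.
CLASSES = {
    "V": "AEIOU",
    "C": "BCDFGHJKLMNPQRSTVWXYZ",
    "v": "aeiou",
    "c": "bcdfghjklmnpqrstvwxyz",
    "A": "AEIOUBCDFGHJKLMNPQRSTVWXYZ",
    "a": "AEIOUaeiouBCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxyz",
    "n": "0123456789",
    "o": "@&%?,=[]_:-+*$#!'^~;()/.",
    "x": "AEIOUaeiouBCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxyz0123456789!@#$%^&*()",
}

# Templates for the "long" result type; other types use other template lists
# but the same selection logic.
TEMPLATES_LONG = [
    "CvcvnoCvcvCvcv", "CvcvCvcvnoCvcv", "CvcvCvcvCvcvno",
    "CvccnoCvcvCvcv", "CvccCvcvnoCvcv", "CvccCvcvCvcvno",
    "CvcvnoCvccCvcv", "CvcvCvccnoCvcv", "CvcvCvccCvcvno",
    "CvcvnoCvcvCvcc", "CvcvCvcvnoCvcc", "CvcvCvcvCvccno",
    "CvccnoCvccCvcv", "CvccCvccnoCvcv", "CvccCvccCvcvno",
    "CvcvnoCvccCvcc", "CvcvCvccnoCvcc", "CvcvCvccCvccno",
    "CvccnoCvcvCvcc", "CvccCvcvnoCvcc", "CvccCvcvCvccno",
]


def _len_prefixed(data: bytes) -> bytes:
    """Big-endian uint32 length followed by the bytes (the spec's framing)."""
    return struct.pack(">I", len(data)) + data


def master_key(full_name: str, master_password: str) -> bytes:
    """Layer 1: 64-byte master key from the user's name and master password.

    scrypt(password=master password, salt=scope || len(name) || name,
           N=32768, r=8, p=2, dkLen=64). The name is part of the salt, which
    is why the app needs it before it can derive anything.
    """
    salt = SCOPE + _len_prefixed(full_name.encode("utf-8"))
    # 128 * N * r bytes (32 MiB) exceeds OpenSSL's default memory limit,
    # so raise maxmem explicitly.
    return hashlib.scrypt(master_password.encode("utf-8"), salt=salt,
                          n=32768, r=8, p=2, dklen=64, maxmem=128 * 1024 * 1024)


def site_key(mkey: bytes, site_name: str, counter: int) -> bytes:
    """Layer 2: HMAC-SHA256 over scope || len(site) || site || uint32(counter)."""
    msg = SCOPE + _len_prefixed(site_name.encode("utf-8")) + struct.pack(">I", counter)
    return hmac.new(mkey, msg, hashlib.sha256).digest()


def site_password(skey: bytes, templates=TEMPLATES_LONG) -> str:
    """Layer 3: byte 0 selects the template, bytes 1..n select one char per class."""
    template = templates[skey[0] % len(templates)]
    out = []
    for i, cls in enumerate(template):
        chars = CLASSES[cls]
        out.append(chars[skey[i + 1] % len(chars)])
    return "".join(out)


def derive(full_name: str, master_password: str, site_name: str, counter: int = 1) -> str:
    """Whole pipeline. Nothing is stored: the same inputs always give the same output,
    and bumping the counter yields a fresh password for the same site."""
    return site_password(site_key(master_key(full_name, master_password), site_name, counter))


def matches_template(password: str, templates=TEMPLATES_LONG) -> bool:
    """True if the password fits one of the templates, class by class."""
    return any(len(t) == len(password) and all(ch in CLASSES[c] for ch, c in zip(password, t))
               for t in templates)


if __name__ == "__main__":
    # Constructed sample inputs (not a published test vector).
    name, pw, site = "Jane Example", "correct horse battery staple", "example.com"
    for counter in (1, 2):
        print(f"{site} #{counter}: {derive(name, pw, site, counter)}")
```

The scrypt step is the expensive one by design (32 MiB, N=32768), so an app would compute `master_key` once per unlock and reuse it for every site; the per-site work is just one HMAC and the template lookup. Because the counter is part of the HMAC input, "rotating" a site password means incrementing the counter, which is the only per-site state a user has to remember or, in passwd's case, that a sync feature would need to carry.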

gargakshit commented 3 years ago

> > Also for that algorithm, we would need to enable sync
>
> Spectre/MPW is stateless, it doesn't really need any kind of synchronisation

Actually I get it. It would be a stateless synchronization. Would be a good idea to implement a similar feature. Are you present on telegram? I would like to have a quick chat with you :)

Atrate commented 3 years ago

No, but you can hit me up on Matrix at @Atrate:matrix.org or via e-mail