> The password quality is just adequate, but I think the idea has potential to be very secure.

The op makes no broad claims. I think your insights are helpful, but I would change your wording from "Congratulations" to "unfortunately" and then politely point out how to resolve the issue.

There is no issue. Length extension requires the full (or as close to full as to make no difference) output of the hash function.

The problem with hash functions like SHA1,2 and MD5 is that their output represents their entire internal state.

In this case let's say an attacker recovered the password for door 1. They can then compute what the passwords associated with Door's whose number starts with 1.

As the password is substantially truncated, this does not represent the final state of the hash, and the attack is not useful.

That aside, this still suffers from weak key derivation, allowing a more direct bruteforce attack, as others have mentioned.

I agree that HMAC is the better option, but I don't see any reasonable scenario where length-extension is actually relevant for this application.

Also, I think that truncating actually improves security: An attacker who knows n (door_id, password) pairs and is bruteforcing the base_phrase can only check each base_phrase candidate for the first m bytes. This increases the odds of a 'false collision' in the brute forcing; that is, they find a different base_phrase which happens to work for their (door_id, password) pairs, but won't work for door_ids which they don't know.

Truncation prevents the length extension attack.