Re: Unicode in passwords

From: Marc Blanchet <marc.blanchet_at_viagenie.ca>
Date: Wed, 30 Sep 2015 13:35:05 -0400

On 30 Sep 2015, at 12:33, John O'Conner wrote:

> I'm researching potential problems and best practices for password
> policies
> that allow non-Latin-1 Unicode characters. My searching of the
> unicode.org
> site showed me a general security considerations document (UTR #36)
> but
> nothing specific for password policies using Unicode.
>
> Can you recommend any documents to help me understand potential issues
> (if
> any) for password policies and validation methods that allow
> characters
> from more "exotic" portions of the Unicode space?

the IETF have been doing work related to this exact issue. You might
want to look at RFC7564 (generic framework) and RFC7613 (username and
passwords, used in various IETF protocols).

Marc.

>
> Best regards,
> John O'Conner
Received on Wed Sep 30 2015 - 12:36:05 CDT

This archive was generated by hypermail 2.2.0 : Wed Sep 30 2015 - 12:36:05 CDT