Unicode in passwords

Stephane Bortzmeyer bortzmeyer at nic.fr
Mon Oct 5 10:12:00 CDT 2015

On Wed, Sep 30, 2015 at 04:15:30PM -0700,
 Clark S. Cox III <clarkcox3 at gmail.com> wrote 
 a message of 73 lines which said:

> You really wouldn’t want “Schlüssel” and “Schlüssel” being different
> passwords, would you? (assuming that my mail client and/or OS is not
> interfering, the first is NFC, while the second is NFD)

Hence the RFC 7613, mentioned already here by Marc Blanchet, that you
must really read if you're interesed in Unicode passwords.

In that case, the RFC is clear: NFC mandatory (and UTF-8 encoding).

   4.  Normalization Rule: Unicode Normalization Form C (NFC) MUST be
       applied to all characters.

More information about the Unicode mailing list