Unicode in passwords

Hans Åberg haberg-1 at telia.com
Wed Sep 30 15:29:55 CDT 2015


> On 30 Sep 2015, at 18:33, John O'Conner <jsoconner at gmail.com> wrote:
> 
> Can you recommend any documents to help me understand potential issues (if any) for password policies and validation methods that allow characters from more "exotic" portions of the Unicode space?

On UNIX computers, one computes a hash (like SHA-256), which is then used to authenticate the password up to a high probability. The hash is stored in the open, but it is not known how to compute the password from the hash, so knowing the hash does not easily allow authentication.

So if the password is encoded in say UTF-8 and then hashed, it would seem to take care of most problems.
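
An added example, not part of the original message: it encodes a password as UTF-8 and hashes it as described above, then shows that the same visible password entered as precomposed or decomposed code points gives different bytes, and so different hashes, unless it is normalized first. The choice of NFC, the PBKDF2 parameters, the salt and the sample password are assumptions made for the illustration.

```python
import hashlib
import hmac
import unicodedata

ITERATIONS = 10_000  # constructed work factor, kept low so the example runs fast


def encode_password(password: str, normalize: bool) -> bytes:
    """Return the bytes that get hashed for a typed password."""
    if normalize:
        # Assumption: NFC is the normalization form chosen for this system.
        password = unicodedata.normalize("NFC", password)
    return password.encode("utf-8")


def hash_password(password: str, salt: bytes, normalize: bool) -> bytes:
    """Salted PBKDF2-HMAC-SHA-256 over the UTF-8 encoded password."""
    data = encode_password(password, normalize)
    return hashlib.pbkdf2_hmac("sha256", data, salt, ITERATIONS)


def verify_password(candidate: str, salt: bytes, stored: bytes, normalize: bool) -> bool:
    """Recompute the hash for the candidate and compare in constant time."""
    return hmac.compare_digest(hash_password(candidate, salt, normalize), stored)


# Constructed sample data: one visible password, two code point sequences.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
PRECOMPOSED = "\u00c5berg2015"   # U+00C5 LATIN CAPITAL LETTER A WITH RING ABOVE
DECOMPOSED = "A\u030aberg2015"   # "A" followed by U+030A COMBINING RING ABOVE

if __name__ == "__main__":
    for normalize in (False, True):
        stored = hash_password(PRECOMPOSED, SALT, normalize)
        ok = verify_password(DECOMPOSED, SALT, stored, normalize)
        print(f"normalize={normalize}: decomposed input accepted = {ok}")
```

The two forms arise in practice because different keyboards, input methods and operating systems can produce either sequence for the same character.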




