Re: Unicode in passwords

From: Philippe Verdy <verdy_p_at_wanadoo.fr>
Date: Tue, 6 Oct 2015 15:13:25 +0200

I don't think it is a good idea for textual passwords to make differences
based on the number of spaces. Being plain text they are likely to be
displayed in user interfaces in a way that the user will not see. Without
trimming, users won't see the initial or final space, and the password
input method may not display them as well (e.g. in an HTML input form or
when using a button to generate passphrases that users must then copy-paste
to their password manager or to some private text document). Some password
storages also will implicitly trim and compress those strings (e.g. in a
fixed-width column of a table in a database). There's also frequently no
visual hint when entering or displaying those spaces and compression occurs
implicitly, or pass phrases may be line wrapped in the middle where you
won't see the number of spaces.

2015-10-06 12:25 GMT+02:00 Julian Bradfield <jcb+unicode_at_inf.ed.ac.uk>:

> On 2015-10-06, Philippe Verdy <verdy_p_at_wanadoo.fr> wrote:
> > Finally note that passwords are not necessarily single identifiers
> > (whitespaces and word separators are accepted, but whitespaces should
> > require special handling with trimming (at both ends) and compression of
> > multiple occurrences.
>
> Why would you trim or compress whitespace? Using multiple spaces seems a
> perfectly legitimate way of making a password harder to guess.
>
> --
> The University of Edinburgh is a charitable body, registered in
> Scotland, with registration number SC005336.
>
>
Received on Tue Oct 06 2015 - 08:14:42 CDT
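
The trimming and compression discussed in this thread, shown as an added example that is not part of the original messages: a Python sketch comparing raw and whitespace-normalized passphrase verification over the cases the message lists (copy-paste, line wrapping, fixed-width storage). The function names, the sample passphrase, the PBKDF2 parameters and the variant list are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # illustrative work factor, an assumption of this example


def normalize_passphrase(text: str) -> str:
    """Trim both ends and collapse each whitespace run to one U+0020.

    str.split() with no argument splits on every character for which
    str.isspace() is true, so NBSP, ideographic space, tabs and line
    breaks are all treated as separators.
    """
    return " ".join(text.split())


def derive(passphrase: str, salt: bytes, normalize: bool) -> bytes:
    if normalize:
        passphrase = normalize_passphrase(passphrase)
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, ITERATIONS)


def verify(candidate: str, salt: bytes, stored: bytes, normalize: bool) -> bool:
    # Constant-time comparison of the derived keys.
    return hmac.compare_digest(derive(candidate, salt, normalize), stored)


# Constructed sample: one enrolled passphrase and the forms it can take
# after copy-paste, line wrapping, or a space-padded fixed-width column.
ENROLLED = "correct horse battery staple"
VARIANTS = [
    " correct horse battery staple",        # leading space from a selection
    "correct horse battery staple \n",      # trailing space and newline
    "correct horse\nbattery staple",        # wrapped in the middle
    "correct  horse battery staple",        # doubled space
    "correct\u00a0horse battery staple",    # no-break space from HTML
    ENROLLED.ljust(40),                     # padded to a fixed width
]


def acceptance(normalize: bool) -> list:
    """Return, per variant, whether it verifies against the enrolled value."""
    salt = os.urandom(16)
    stored = derive(ENROLLED, salt, normalize)
    return [verify(v, salt, stored, normalize) for v in VARIANTS]


if __name__ == "__main__":
    print("raw comparison:       ", acceptance(normalize=False))
    print("normalized comparison:", acceptance(normalize=True))
```

Normalization has to be applied identically at enrollment and at every verification, otherwise credentials stored before the change stop matching.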