Re: Unicode in passwords

From: Richard Wordingham <>
Date: Tue, 6 Oct 2015 20:19:27 +0100

On Tue, 6 Oct 2015 11:21:42 +0200
Mark Davis ☕️ <> wrote:

> While I think that RFC is useful, it has been interesting just how
> many of the problems recounted on this list go far beyond it, often
> having to do with UI issues. It would be useful to have a paper
> somewhere that organizes all of the problems presented here, and
> maybe makes a stab at describing techniques for handling them.

Indeed, there are several different scenarios. The most prototypical

1) Initial access to a stand-alone computing device, the conventional
logging on. In this case, it is usually risky to use anything but
printable ASCII.

2) Internet passwords for use in privacy. Basically any non-trivial
combination of characters should be acceptable, provided it will not be
mangled in transmission. Under the rules of Unicode, this means that
the text should be normalised before becoming a mere sequence of bytes.

Note that in the second scenario, there is normally an 'administrator'
who can put things right.

Received on Tue Oct 06 2015 - 14:20:32 CDT

This archive was generated by hypermail 2.2.0 : Tue Oct 06 2015 - 14:20:32 CDT