[Cryptography] Removal of spaces in NIST Draft SP-800-63B

Bill Frantz frantz at pwpconsult.com
Sat Apr 1 21:46:04 EDT 2017


On 4/1/17 at 3:48 PM, kevin.w.wall at gmail.com (Kevin W. Wall) wrote:

>Just speculation as to
>how it may have ended up there. Lots of times passwords / pass phrases
>get emailed to clients (especially, initial passwords or in case of
>password resets from a "forgot password" flow). In such cases, users
>frequently copy-and-paste passwords from email into the login form.
>The problem is that MUAs can compress consecutive spaces or (more
>common) any beginning or trailing spaces are not copied by a double
>mouse click.

"Doctor, it hurts when I do this." Why are you doing that?

In this case, why have spaces in the password at all? Initial 
and reset passwords should be painful enough to type that the 
user will change them. One coworker at a job a long time ago 
always set up accounts with the password of all the letters A 
thru Z followed by the 10 digits 0 thru 9. He didn't have to 
tell people to change their initial password. They would always 
ask him how to change a password.

Cheers - Bill

-------------------------------------------------------------------------
Bill Frantz        | When it comes to the world     | Periwinkle
(408)356-8506      | around us, is there any choice | 16345 Englewood Ave
www.pwpconsult.com | but to explore? - Lisa Randall | Los Gatos, CA 95032


