[Cryptography] Removal of spaces in NIST Draft SP-800-63B

Arnold Reinhold agr at me.com
Thu Mar 30 09:52:41 EDT 2017


I filed a comment (#679) on NIST Draft SP-800-63B “Digital Identity Guidelines” urging removal of the provision in Section 5.1.1.2:  “Verifiers MAY remove multiple consecutive space characters, or all space characters, prior to verification provided that the result is at least 8 characters in length.” since it can reduce password entropy for no good reason. I’d be curious to know if anyone can figure out how that got in there in the first place. My comment is here:

   https://github.com/usnistgov/800-63-3/issues/679

Public comment period ends March 31 (tomorrow).

Arnold Reinhold


More information about the cryptography mailing list