[Cryptography] Removal of spaces in NIST Draft SP-800-63B

Patrick Chkoreff patrick at rayservers.net
Thu Mar 30 13:40:44 EDT 2017


Arnold Reinhold wrote on 03/30/2017 09:52 AM:

> I filed a comment (#679) on NIST Draft SP-800-63B “Digital Identity
> Guidelines” urging removal of the provision in Section 5.1.1.2:
> “Verifiers MAY remove multiple consecutive space characters, or all
> space characters, prior to verification provided that the result is
> at least 8 characters in length.” since it can reduce password
> entropy for no good reason. I’d be curious to know if anyone can
> figure out how that got in there in the first place. My comment is
> here:
> 
> https://github.com/usnistgov/800-63-3/issues/679
> 
> Public comment period ends March 31 (tomorrow).

I second that emotion, and I wrote a comment to that effect.

So *you're* the guy behind Diceware!  At various times I've seen your
name on the diceware.com site and on this list, but I never made the
connection.  Diceware is a very powerful technique, and I thank you for it.


-- Patrick



More information about the cryptography mailing list