[Cryptography] canonicalizing unicode strings.
Nico Williams
nico at cryptonector.com
Thu Feb 1 22:22:28 EST 2018
On Thu, Feb 01, 2018 at 07:10:56PM -0500, John Levine wrote:
> >None of this means that one should reject mixed script new passwords.
> >However, users should be warned about difficulty of password entry.
>
> Surely we don't have to rehash all the reasons why user education
> about security issues is an oxymoron. If they're not going to be able
> to enter their password reliably, do them a favor and make them choose
> a different one.
You don't have to educate them as to mixed-script passwords. First,
it's hard enough to enter that most won't even try. Second, if it
doesn't work out then they'll go through whatever password reset
procedure, and for the most part won't be sad.
More information about the cryptography
mailing list