Hi all,

I'm new to the list; thanks for such a nice discussion. I'm not a programmer but rather an advanced user with a few decades of experience in the use of encryption.
The most immediate problem for many users w.r.t. non-ASCII in
passwords is not the likelihood of interop problems but the
heterogeneity of input methods and input method selection in login
screens, password input fields in apps and browsers, and so on, as
well as the fact that they can't see the password they are typing to
confirm that the input method is working correctly.
This particular security idea came from terminal laboratories in the 1970s and 
1980s where annoying folk would look over your shoulder to read your password 
as you typed it.

The assumption of people looking over your shoulder is well past its use-by 
date.  These days we work with laptops, etc, which all work to a more private 
setting.  Even Internet Cafes have their privacy shields between booths.

There are still some lesser circumstances where this is an issue (using your 
laptop in a crowded place or typing a PIN onto a reader/ATM). Indeed in the 
latter case, the threat is a camera that picks up the keys as they are typed.

But for the most part, we should be deprecating the practice at its mandated level and exploring optional or open methods.
In PGP, such a "show password" option has existed for ages.
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
