On 2011-06-29 7:01 PM, Ian G wrote:
On 28/06/11 1:01 PM, Paul Hoffman wrote:
And this discussion of ASCII and internationalization has what to do
with cryptography,
I personally think this list is about users of crypto, rather than
cryptographers-creators in particular. The former are mostly computer
scientists who think in block-algorithm form, the latter are more the
mathematicians.
As a crypto-plumber (computer science user of crypto) I think it is
impossible to divorce crypto from all the other security techniques. All
the way up the stack.
Crypto plumbing is on topic. Thus password normalization is on topic.
One problem with unicode is that identical characters often have
multiple codes, one for each character meaning.
Also, characters that are in some sense composite may be represented
both as two characters, or as a single character.
Thus the exact same password string, in visible symbols, may have
multiple codes. The user types what he reasonably believes to be the
password, but it does not work!
Thus the password has to be normalized before being hashed.
Further, often a variants of a single character with a single meaning
also have multiple codes - there is no sharp boundary between the
string, and formatting information, though this is more a problem for
unicode searching, than for unicode passwords.
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
