Tags:
create new tag
, view all tags

Unicode for Usernames and Passwords

After someone on kde-core-devel posted a request to allow non-ASCII user names to login to a computer, I got to thinking that might be some help with security issues. Such passwords and usernames should be much harder to guess / brute force.

UPDATE: (The next day)--the email has come through moderation, but I think I'll leave this here anyway. There was one comment on the email pointing out that the difficulty of brute forcing depends on the number of bytes (bits), but that doesn't detract from the idea of x number of Unicode characters specifying 2x or 4x (or something in-between) bytes which does increase the difficulty of brute forcing for a given number of characters.

See:

Contents

Email to kde-core-devel

I tried to send this to kde-core-devel but it is a moderated list, and after 12 hours (maybe I should be more patient), it hasn't been accepted.

Re: [PATCH] BUG 172567 support non ASCII user name to login in From: To: kde-core-devel@kdePLEASENOSPAM.org Date: 10/13/08 08:03 am On Sunday 12 October 2008 11:02 pm, 潘卫平 wrote: > I believe KDE should allow non-ASCII user name to login in computer.

This sparked a thought in a slightly different direction--not to advocate security by obscurity, but having usernames and passwords in Unicode (UTF-8 or whatever)--would that make it harder to guess (i.e., brute force) usernames and passwords?

I'm not entirely sure myself atm--maybe because they all (that is, all Unicode encodings, if that's the right description) resolve to sequences of bytes, maybe in one sense it doesn't help.

On the other hand, if I used say an 8 character password that resolved to 32 bytes (because each of the characters in it is chosen from a non-ASCII subset that resolves to 4 bytes (or even 16/2 bytes)), that would seem to make a fairly simple to remember (8 character) password harder to brute force.

I wonder to what extent current password programs are ready to handle Unicode passwords?

In any event, this is at least partially to express some prior art before Amazon (or similar) patents this. wink

Contributors

  • () RandyKramer - 14 Oct 2008
  • If you edit this page: add your name here; move this to the next line; and if you've used a comment marker (your initials in parenthesis), include it before your WikiName.

Revision Comment

%SECTION{last_revision}%
  • %DATE% —

Page Ratings

Edit | Attach | Watch | Print version | History: r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r2 - 2008-10-14 - RandyKramer
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by PerlCopyright 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding WikiLearn? WebBottomBar">Send feedback
See TWiki's New Look