A question for the cryptologists and computer people in the audience

Jan. 13th, 2013 05:07 pm
andrewducker: (Default)
[personal profile] andrewducker
Is there any good reason to forbid people from having punctuation in their passwords?
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Date: 2013-01-13 05:50 pm (UTC)
jack: (Default)
From: [personal profile] jack
I'm not a crypto person, but when I consider it I'm torn between two opposite impulses:

1. If you allow any sort of "special" characters (punctuation, non-ascii, null, etc), they may come back to bite some other part of the system, even if you properly encrypt the password and never do (or are able) to send the password out again.

2. Any user-supplied data and especially passwords should be stored as opaque text, so should be able to accept any characters and work just the same, and if it can't that suggests you're concatenating it or not encrypting it, both of which are big big no-nos.

Date: 2013-01-13 06:32 pm (UTC)
gominokouhai: (Default)
From: [personal profile] gominokouhai
Maybe as a hamfisted attempt to prevent escape characters for code injection attacks?

Date: 2013-01-13 06:41 pm (UTC)
flick: (Default)
From: [personal profile] flick
I remember, back in the day, having two punctuation marks in my Egg password. It wasn't a problem online, but when you phoned them the password check was an automated system that went "press the number corresponding to the position in your password of the following character" and, for the punctuation marks, that was just silence....
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Profile

andrewducker: (Default)
andrewducker
My NotZen Website

January 2026

S M T W T F S
     1 2 3
45 6 7 8 910
11121314151617
18192021222324
25262728293031

Most Popular Tags

Page Summary

Active Entries

Style Credit

Expand Cut Tags

No cut tags
Page generated Jan. 9th, 2026 11:08 am
Powered by Dreamwidth Studios