[cryptography] Oddity in common bcrypt implementation
marsh at extendedsubset.com
Wed Jun 29 11:06:44 EDT 2011
On 06/29/2011 06:49 AM, Peter Gutmann wrote:
> So far I've had exactly zero complaints about i18n or c18n-based password
> Yup, just counted them again, definitely zero. Turns out that most of the
> time when people are entering their passwords to, for example, unlock a
> private key, they don't have it spread across multiple totally dissimilar
Well I work on an implementation of the RADIUS thing as previously
described. It's got a ton of users, some even in Asian countries, using
it to interoperate with other vendors' products.
I don't recall many users having password issues with character sets
either. But I also know I could probably sit down and construct a broken
case rather quickly.
Nevertheless, if someone does report an unexplained issue we might ask
if there are any weird, special characters in their password. (Actually,
it's more complex than that. We reiterate that we would never ask them
for their password but hint that special characters might be a source of
So this suggests probably some combination of:
1. We picked the right encoding transformation logic. We receive the
credentials via RADIUS and usually validate them against the Windows API
which accepts UTF-16LE. IIRC we interpret the RADIUS credentials as what
Windows calls "ANSI" for this.
2. Admins who configure these systems in other markets have learned how
to adjust their various systems for their local encodings in ways that
never required our support. Perhaps from past experience they are
reluctant to ask us simple ASCII Americans for help troubleshooting this
type of issue.
3. Users everywhere choose very simple ASCII passwords and are reluctant
to report issues with special characters all the way up to us vendors.
Right now we're giving Solar Designer several bits of entropy for free.
If we could solve the 'high bit' problem, it could be a significant
increase in effective security for a lot of people.
More information about the cryptography