[cryptography] Oddity in common bcrypt implementation

Marsh Ray marsh at extendedsubset.com
Wed Jun 29 11:06:44 EDT 2011

On 06/29/2011 06:49 AM, Peter Gutmann wrote:
> So far I've had exactly zero complaints about i18n or c18n-based password
> issues.
> [Pause]
> Yup, just counted them again, definitely zero.  Turns out that most of the
> time when people are entering their passwords to, for example, unlock a
> private key, they don't have it spread across multiple totally dissimilar
> systems.

Well I work on an implementation of the RADIUS thing as previously 
described. It's got a ton of users, some even in Asian countries, using 
it to interoperate with other vendors' products.

I don't recall many users having password issues with character sets 
either. But I also know I could probably sit down and construct a broken 
case rather quickly.

Nevertheless, if someone does report an unexplained issue we might ask 
if there are any weird, special characters in their password. (Actually, 
it's more complex than that. We reiterate that we would never ask them 
for their password but hint that special characters might be a source of 

So this suggests probably some combination of:

1. We picked the right encoding transformation logic. We receive the 
credentials via RADIUS and usually validate them against the Windows API 
which accepts UTF-16LE. IIRC we interpret the RADIUS credentials as what 
Windows calls "ANSI" for this.

2. Admins who configure these systems in other markets have learned how 
to adjust their various systems for their local encodings in ways that 
never required our support. Perhaps from past experience they are 
reluctant to ask us simple ASCII Americans for help troubleshooting this 
type of issue.

3. Users everywhere choose very simple ASCII passwords and are reluctant 
to report issues with special characters all the way up to us vendors.

Right now we're giving Solar Designer several bits of entropy for free. 
If we could solve the 'high bit' problem, it could be a significant 
increase in effective security for a lot of people.

- Marsh

More information about the cryptography mailing list