[PATCH] BUG 172567 support non ASCII user name to login in

[Randy Kramer]

On Sunday 12 October 2008 11:02 pm, 潘卫平 wrote:
> I believe KDE should allow non-ASCII user name to login in computer.

This sparked a thought in a slightly different direction--not to 
advocate security by obscurity, but having usernames and passwords in 
Unicode (UTF-8 or whatever)--would that make it harder to guess (i.e., 
brute force) usernames and passwords?

I'm not entirely sure myself atm--maybe because they all (that is, all 
Unicode encodings, if that's the right description) resolve to 
sequences of bytes, maybe in one sense it doesn't help.

On the other hand, if I used say an 8 character password that resolved 
to 32 bytes (because each of the characters in it is chosen from a 
non-ASCII subset that resolves to 4 bytes (or even 16/2 bytes)), that 
would seem to make a fairly simple to remember (8 character) password 
harder to brute force.

I wonder to what extent current password programs are ready to handle 
Unicode passwords?

In any event, this is at least partially to express some prior art 
before Amazon (or similar) patents this. ;-)

Randy Kramer
-- 
I didn't have time to write a short letter, so I created a video 
instead.--with apologies to Cicero, et.al.