[PATCH] BUG 172567 support non ASCII user name to login in
Ingo Klöcker
kloecker at kde.org
Thu Oct 16 21:50:05 BST 2008
On Monday 13 October 2008, Randy Kramer wrote:
> On Sunday 12 October 2008 11:02 pm, 潘卫平 wrote:
> > I believe KDE should allow non-ASCII user name to login in
> > computer.
>
> This sparked a thought in a slightly different direction--not to
> advocate security by obscurity, but having usernames and passwords in
> Unicode (UTF-8 or whatever)--would that make it harder to guess
> (i.e., brute force) usernames and passwords?
>
> I'm not entirely sure myself atm--maybe because they all (that is,
> all Unicode encodings, if that's the right description) resolve to
> sequences of bytes, maybe in one sense it doesn't help.
>
> On the other hand, if I used say an 8 character password that
> resolved to 32 bytes (because each of the characters in it is chosen
> from a non-ASCII subset that resolves to 4 bytes (or even 16/2
> bytes)), that would seem to make a fairly simple to remember (8
> character) password harder to brute force.
>
> I wonder to what extent current password programs are ready to handle
> Unicode passwords?
I would refrain from using non-ASCII characters in passwords. There's no
gain in using them. A strong argument against the usage of non-ASCII
characters is that you might not be able to enter the necessary Unicode
characters on some system you have to use. OTOH, ASCII characters will
work reliably with any OS with any application.
Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20081016/0d933d68/attachment.sig>
More information about the kde-core-devel
mailing list