Re: Unicode versioning in glib



> I'm not sure what your point is, but if you mean that this is enough
> for a protocol that compares normalized strings (such as passwords)
> for equality the point is not valid.  The protocols I'm implementing
> currently requires that all protocol implementations must use NFKC
> from Unicode 3.2.

all normalisation of passwords should be done on the trusted machine on which the password is typed. the storage of the password should be a hash of the string that was input. the verification of the password never requires a specific encoding. it's acceptable to input your password with something other than a keyboard, or with keys on a keyboard that don't map to characters or unicode values of any kind! the protocol which you are implementing is broken. in any event you are probably interested in this file as well:
http://www.unicode.org/Public/UNIDATA/NormalizationCorrections.txt



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]