[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Future of SASLprep

To: ietf-sasl@xxxxxxx
Subject: Re: Future of SASLprep
From: "Frank Ellermann" <nobody@xxxxxxxxxxxxxxxxx>
Date: Tue, 12 Aug 2008 13:06:05 +0200
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
Organization: <http://purl.net/xyzzy>
References: <ldvlki6dqqu.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxx><45F84F97.3B0D@xxxxxxxxxxxxxxxxx><C51775F9-C7C7-435B-9D17-DDA0761DCBAB@xxxxxxxxx><g7qd9g$lvi$1@xxxxxxxxxxxxx> <87tzdqa683.fsf_-_@xxxxxxxxxxxxxxxxxxx>
Reply-to: "Frank Ellermann" <hmdmhdfmhdjmzdtjmzdtzktdkztdjz@xxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx

Simon Josefsson wrote:

> Passwords have quite different properties than domain names:
> it is normal and encouraged for passwords to contain characters
> from different scripts.

Yes.  Recently I looked into a years old archive about the
creation of tables inverting simple passwords from various
forms (incl. MD5), and the various pre-configured subsets
of supported characters where limited to what you'd see on
US keyboard layouts.

The size of the tables and the time to compute them (once)
increased dramatically with the number of supported input
characters.  That's (in theory) no obsctacle for say 128
characters, it could be hopeless for 100,000 characters...

> Possibly SASLprep2 could be a profile of RFC 5198: applying
> certain algorithmic tests to restrict some characters on
> top of the RFC 5198 output.

Simplified RFC 5198 is UTF-8 NFC minus some control chars.
What further restrictions do you have in mind ?

 Frank

Follow-Ups:
- Re: Future of SASLprep
  - From: Simon Josefsson

References:
- WG Last Call: draft-ietf-sasl-crammd5-08.txt
  - From: Tom Yu
- Interoperability (was: WG Last Call: draft-ietf-sasl-crammd5-08.txt)
  - From: Frank Ellermann
- Re: Interoperability (was: WG Last Call: draft-ietf-sasl-crammd5-08.txt)
  - From: Kurt Zeilenga
- Re: Interoperability
  - From: Frank Ellermann
- Future of SASLprep
  - From: Simon Josefsson

Prev by Date: Re: EXTERNAL-CHANNEL
Next by Date: Re: Random data
Previous by thread: Future of SASLprep
Next by thread: Re: Future of SASLprep
Index(es):
- Date
- Thread