BIP 38 NFC normalisation issue



Summary:

A test vector in Bitcoin's BIP 38 (password-protected private keys) has come under scrutiny. Mike Hearn, a developer on the project, suggested removing the third test vector, which contains characters such as "pile of poo" and an embedded null character. The point of the vector is to test edge cases where the input string is not in NFC form. These edge cases include combining characters, the null character, the astral range, and others that implementations must handle or sanitize before processing. Hearn suggests using realistic strings such as "Zürich" or something written in Thai instead of garbage characters. Passphrases entered by users should be assumed not to be NFC-normalized already. Implementations cannot assume the input is already NFC-normalized; each has to normalize it so that the various implementations stay cross-compatible. If one implementation assumes the input is already NFC, it may encode or decode the password incorrectly and lock a user out of their wallet.
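The lock-out described above can be reproduced with the following added example, which is not code from the thread or from any BIP 38 implementation. The salt and the passphrase strings are constructed for the demonstration, and the scrypt parameters are taken from the BIP 38 specification, not from this page.

```python
import hashlib
import unicodedata

# scrypt parameters from the BIP 38 specification (not stated on this page).
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 16384, 8, 8, 64

# Constructed sample inputs.
SALT = bytes.fromhex("01020304")   # constructed 4-byte salt
COMPOSED = "Z\u00fcrich"           # "Zürich" with precomposed U+00FC
DECOMPOSED = "Zu\u0308rich"        # same text as "u" + COMBINING DIAERESIS
EDGE = "e\u0301\u0000\U0001F4A9"   # combining accent, embedded null, astral char


def passphrase_bytes(passphrase: str, normalise: bool = True) -> bytes:
    """UTF-8 encode a passphrase, NFC-normalising it first unless disabled."""
    if normalise:
        passphrase = unicodedata.normalize("NFC", passphrase)
    return passphrase.encode("utf-8")


def derive_key(passphrase: str, salt: bytes, normalise: bool = True) -> bytes:
    """Derive the scrypt key that would protect the private key."""
    return hashlib.scrypt(
        passphrase_bytes(passphrase, normalise),
        salt=salt,
        n=SCRYPT_N,
        r=SCRYPT_R,
        p=SCRYPT_P,
        maxmem=64 * 1024 * 1024,
        dklen=KEY_LEN,
    )


def keys_match(a: str, b: str, normalise: bool) -> bool:
    """True if two renderings of a passphrase unlock the same key."""
    return derive_key(a, SALT, normalise) == derive_key(b, SALT, normalise)


if __name__ == "__main__":
    # Without NFC the two spellings of "Zürich" are different byte strings.
    print(passphrase_bytes(COMPOSED, False).hex())
    print(passphrase_bytes(DECOMPOSED, False).hex())
    # An implementation that skips NFC derives a different key: lock-out.
    print("match without NFC:", keys_match(COMPOSED, DECOMPOSED, False))
    print("match with NFC:   ", keys_match(COMPOSED, DECOMPOSED, True))
    # The embedded null must survive encoding, not terminate the string.
    print(passphrase_bytes(EDGE).hex())
```

An implementation that passes the normalised bytes through a null-terminated string API would silently truncate the `EDGE` passphrase at the embedded null, which is one of the cases the disputed vector exercises.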


Updated on: 2023-06-09T00:56:26.774726+00:00