Author: Mike Hearn 2014-07-16 09:29:16
Published on: 2014-07-16T09:29:16+00:00
The email thread discusses an issue with Unicode astral plane characters in passwords that may not be supported by all platforms. The problem seems to start with the null code point, and Andreas Schildbach suggests banning or filtering ISO control characters since most of them cannot be entered into a password field using a keyboard. Aaron Voisine argues against limiting the spec to only the subset of Unicode that popular platforms can support and believes that it might be a JVM string library bug that can be fixed. Mike Hearn notes that Java uses 16-bit characters internally and recommends refusing any passphrase that includes characters outside of the BMP, unless someone can find a fix. The conversation ends with an advertisement for Black Duck Code Sight, which allows indexing and searching up to 200,000 lines of code.
Updated on: 2023-06-09T00:57:18.961399+00:00