From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: John Cowan Newsgroups: gmane.lisp.guile.user Subject: Re: Guile Hacker Handbook - Character sets Date: Thu, 18 Feb 2021 19:10:38 -0500 Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="16722"; mail-complaints-to="usenet@ciao.gmane.io" Cc: Mailing list Guile User To: divoplade Original-X-From: guile-user-bounces+guile-user=m.gmane-mx.org@gnu.org Fri Feb 19 01:11:14 2021 Return-path: Envelope-to: guile-user@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1lCtO4-0004DF-Qr for guile-user@m.gmane-mx.org; Fri, 19 Feb 2021 01:11:12 +0100 Original-Received: from localhost ([::1]:42072 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lCtO3-0003zT-NN for guile-user@m.gmane-mx.org; Thu, 18 Feb 2021 19:11:11 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:40154) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lCtNr-0003yG-GP for guile-user@gnu.org; Thu, 18 Feb 2021 19:10:59 -0500 Original-Received: from mail-qk1-x72e.google.com ([2607:f8b0:4864:20::72e]:41699) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1lCtNn-0006ec-D5 for guile-user@gnu.org; Thu, 18 Feb 2021 19:10:59 -0500 Original-Received: by mail-qk1-x72e.google.com with SMTP id q85so4035051qke.8 for ; Thu, 18 Feb 2021 16:10:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ccil-org.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=10jatSQUF389vYp+yDmAe7K68NstfF+/q4DWErL/nhs=; b=UjtJvnEF5tySZHGI56EAGQtvRRjVcrq05MK1BzCK5KUvjQOQhVsLtd/D5wnnLF55u7 tVUpO/JmhOyKALc2awrwbWbEVDcJ1QYuX0hAbG7E5SdEjI9UNYRCjrFvVZwhktz+H6kq DfLN4xJ3qYwBVKvVkdm0HcD1F95hHGJXIcp8B4abknk6ZEJe5k6+kuCnCPJ7JjD44i9o D+RlP6OoQjTV4MzEWzGLrxk64D981J/zKl/UEVbsFP5fQBP/iDLi+Cm5Ed1ClX8Boitj sxJ0vnhb0PGHT4yeC6RIE6n99bn16ZvBRBRkCxQ2m8xj61avnKXuTRUeugRCZtUcIGU2 G1/w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=10jatSQUF389vYp+yDmAe7K68NstfF+/q4DWErL/nhs=; b=seoYwMQc1J4f5RVoo+uncUaEJaeHZAmX6yt7C8kTvP9ymw1JJ1uw31LfTGkxykRgTr tNR+tEyI165jgk9RFFMHb4CAEFZMAh006K0PXedCOGjopXHLrNeSLJ5TN9A11twvwHRq FJ9Vwhfl5CwgXPgJIv3xVOzbfCkAuSgFZe77tUwD1jLYZlJpmiTJx8exk0WyWd0/jkpi ODc41byzoEZLhcg5Py4Do3U2mReiyUhlNqAJuet3VWzkiN3FrgweGl8f4bzdhx3eElKg BDWQYJektCIlt94EpJOoMnNFwErdUpjzj4wLhaITuuXajy2OM4CeerWCmazj0oxQWMZ0 2PHQ== X-Gm-Message-State: AOAM532o3HODuNPiPVsXF0EguroxKscXksshbUCcH+evECGe33Km9WG/ nYTwLgETI9EUaM6xJgPuO7K0YYt88oufivXE6uoTrf2Wy7egAky4 X-Google-Smtp-Source: ABdhPJwn2mkqvkY9YFXLypbB75Uf7B8ZFk7SyHhloPNGRbYkQFZM0w+cKxKV9WYO8qgT4ca6lTYJFtrHrpUtLeKwzZc= X-Received: by 2002:a37:4a49:: with SMTP id x70mr7060057qka.118.1613693452774; Thu, 18 Feb 2021 16:10:52 -0800 (PST) In-Reply-To: Received-SPF: pass client-ip=2607:f8b0:4864:20::72e; envelope-from=cowan@ccil.org; helo=mail-qk1-x72e.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: guile-user@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: General Guile related discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guile-user-bounces+guile-user=m.gmane-mx.org@gnu.org Original-Sender: "guile-user" Xref: news.gmane.io gmane.lisp.guile.user:17269 Archived-At: On Thu, Feb 18, 2021 at 6:17 PM divoplade wrote: > Fortunately, there are very few international problems that need to > look at individual characters of a string. Your password rules example > is arguably one of them, although it may make non-latin users angry > (this upper case / lower case distinction does not work in chinese, as > far as I know). The 2017 (U.S.) NIST password guidelines no longer limit what characters can appear in a password: in particular, spaces, Chinese characters, and emoji are fine. Here is the complete list of guidelines, which are binding on the U.S. government but recommended for everyone: 1) Passwords must be 8 characters or more but not more than 64 characters, and must be hashed and salted before being stored. Password length is the primary defense against password cracking. (Note that a password assigned by the system such as a PIN may have as few as 6 digits.) 2) All Unicode characters should be allowed unless they are forbidden by the underlying system. Runs of repeated or consecutive characters, however, are not allowed. 3) Pasting text should be allowed wherever possible, so as to encourage the use of password managers. 4) Password hints are not allowed. They weaken security. 5) Enforcing periodic password changes is not allowed. They decrease usability and encourage users to use the same or similar passwords, which causes the increased security to be negligible. 6) Enforcing password complexity requirements like the use of lower case, upper case, digits, etc. is not allowed. The security they add is negligible. 7) Passwords must be screened against a list of commonly used passwords, known compromised passwords, and dictionary words, as password cracking programs will usually try such passwords first. John Cowan http://vrici.lojban.org/~cowan cowan@ccil.org Work hard / play hard, cowan@ccil.org die young / rot quickly.