Should work alright if the server handles Unicode correctly, and isn’t one of those ass sites that put restrictions on the password’s length and composition. Hashing functions don’t even care if you’re feeding them raw binary.
I… I hope my passwords are hashed and salted long before they reach the server, so the way it handles unicode shouldn’t affect it all that much. The logistical issue I was seeing with emojis was more that some of them look the same but have different Unicodes alltogether, so typing in the same emoji across devices might be tricky if their keyboards default to different codes.
Oooh hashed and SALTED! I kept peppering the passwords that get sent to my server. Now all I need is to clean up the mess and the mold that all those hash browns leave behind.
Passwords are typically sent to the server and hashed there. I’m a bit hazy right now on the implications of client-side hashing, but it would likely present some security problems.
Edit: at the least, it would allow an attacker to use a leaked password database to log in to the sites, sidestepping the whole hashing thing.
There are protocols that send a hashed or encrypted password instead of plaintext, but they’re more complex than just hashing. Iirc they involve a challenge-and-response method.
Thanks to my password manager, commas are among the more tame characters that occur in my passwords.
Hm, now you’re making me wonder how feasible it would be to use Emojis in my passwords…
Should work alright if the server handles Unicode correctly, and isn’t one of those ass sites that put restrictions on the password’s length and composition. Hashing functions don’t even care if you’re feeding them raw binary.
I… I hope my passwords are hashed and salted long before they reach the server, so the way it handles unicode shouldn’t affect it all that much. The logistical issue I was seeing with emojis was more that some of them look the same but have different Unicodes alltogether, so typing in the same emoji across devices might be tricky if their keyboards default to different codes.
Oooh hashed and SALTED! I kept peppering the passwords that get sent to my server. Now all I need is to clean up the mess and the mold that all those hash browns leave behind.
Passwords are typically sent to the server and hashed there. I’m a bit hazy right now on the implications of client-side hashing, but it would likely present some security problems.
Edit: at the least, it would allow an attacker to use a leaked password database to log in to the sites, sidestepping the whole hashing thing.
There are protocols that send a hashed or encrypted password instead of plaintext, but they’re more complex than just hashing. Iirc they involve a challenge-and-response method.
Real passwords contain ASCII 0.