Does that mean that Unicode Normalisation is a very weak and unsecure way for passwords?
In this case, what is the actual Usage of Unicode Normalization ? Why exactly do we need something like a Unicode Normalization ? Offcourse django provides various ways to strengthen and vallidate the passwords. that can be used. But also Observed is that the Django Code does the Unicode Normalization for User names and Email Ids using NKFD Normalisation Algorithm. On Wednesday, April 20, 2016 at 6:51:18 PM UTC+5:30, Avraham Serour wrote: > > in summary: "Unicode Normalization Forms are formally defined > normalizations of Unicode strings which make it possible to determine > whether any two Unicode strings are equivalent to each other" > > as I see this would be highly unsecure for passwords, this is something > like converting special characters to latin characters, or forcing lower > case only > > On Wed, Apr 20, 2016 at 4:16 PM, Arun S <arun...@gmail.com <javascript:>> > wrote: > >> let me try to clear my question. >> >> please correct me if am wrong. >> basically all I want to know is that there already exists a number of >> Unicode normalization forms. >> Reference >> >> Unicode normalization forms: http://unicode.org/reports/tr15/#Norm_Forms >> >> so as I said as a part of a company norms, the project needs to follow >> certain csdl standards and according to that it states that all passwords >> shall be normalised according to the ref mentioned and then convert then to >> a utf8 which then follows thru the hashing process. >> >> so since the major part of the project uses djangos frameworks, I believe >> that the user authentication methods used already applies the hashing >> algorithms. >> >> but what I could not figure out is that >> 1: does django apply any such normalization process for the user >> passwords. >> 2: how is it different between a normalised password and then hashed with >> djangos hashing algorithm s and a non normalised password just saved after >> hashing. >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Django users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to django-users...@googlegroups.com <javascript:>. >> To post to this group, send email to django...@googlegroups.com >> <javascript:>. >> Visit this group at https://groups.google.com/group/django-users. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/django-users/69f70909-215e-4daa-a770-a10b3c2de63a%40googlegroups.com >> . >> For more options, visit https://groups.google.com/d/optout. >> > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at https://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/9b11feda-914f-4516-9841-2dad8084654b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
