I don't think it is a good idea for tectual passwords to make differences based on the number of spaces. Being plain text they are likely to be displayed in utser interfaces in a way that the user will not see. Without trimming, users won't see the initial or final space, and the password input method may not display them as well (e.g. in an HTML input form or when using a button to generate passphrases that users must then copy-paste to their password manager or to some private text document). Some password storages also will implicitly trim and compress those strings (e.g. in a fixed-width column of a table in a database). There's also frequently no visual hint when entering or displaying those spaces and compression occurs implicitly, or pass phrases may be line wrapped in the middle where you won't see the number of spaces.
2015-10-06 12:25 GMT+02:00 Julian Bradfield <jcb+unic...@inf.ed.ac.uk>: > On 2015-10-06, Philippe Verdy <verd...@wanadoo.fr> wrote: > > Finally note that passwords are not necessarily single identifiers > > (whitespaces and word separators are accepted, but whitespaces should > > require special handling with trimming (at both ends) and compression of > > multiple occurences. > > Why would you trim or compress whitespace? Using multiple spaces seems a > perfectly legitimate way of making a password harder to guess. > > -- > The University of Edinburgh is a charitable body, registered in > Scotland, with registration number SC005336. > >