Bug #71
passwords using non-ascii
Status:
New
Priority:
High
Assignee:
-
Target version:
-
Start date:
01/02/2015
Due date:
% Done:
0%
Description
most input methods support non-ascii, typically in the form of unicode.
further most APIs expect unicode data in the form of UTF8 ot UTF16
There is a consistent inconsistency in the code as to the use of 8bit and 16bit characters (no use of 32bit) and free love exchanges between them. This creaes weaknesses and vulnerabilities.
http://stackoverflow.com/questions/10766838/converting-file-in-utf-8-to-utf-16
all user input data structures & APIs should be standardized to UTF8 (or something else).
History
#1 Updated by Jason Pyeron over 7 years ago
Fix VerifyPasswordAndUpdate2 to use unicode