Alan DeKok <al...@deployingradius.com> writes: > Simon Josefsson wrote: >> Right. My point is that the one needs to weight this approach to a >> system which does not use normalization but instead use >> internationalized comparison rules. > > How do you do internationalized comparisons on hashed passwords? > > All you have is the hash. And if the passwords input to the hash > aren't the same (i.e. non-normalized), then you're *guaranteed* that the > hashes won't match.
Right. Hashed passwords is one example of when internationalized comparisons wouldn't work. I'm sorry if this wasn't clear in my earlier note. However there is a risk that normalization _introduce_ differences: if two systems use different normalization algorithms that leads to different outputs for the same input, the hashes won't match either. /Simon _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
