
If I use a system that allows all Unicode characters or a similarly large space


Question

If I use a system that allows all Unicode characters or a similarly large space for passwords, how much would using an unusual character help in practice (for example, ?, which I found under Mandaic and doesn't render properly in Firefox for me)? I understand that in theory, an attacker making a brute-force attempt would probably determine the character space and use the entirety of the possible characters. But is this common in password cracking software? Is it likely that someone would try brute-forcing a large character space, or is it more likely they go for the low-hanging fruit of alphanumeric and maybe include special characters easily entered on a keyboard?

I understand that Security Through Obscurity Is Bad and relying on this as the sole method of choosing a password is a bad idea and I shouldn't choose a 1 character password with the assumption that no one would try my character. But I'm curious if anyone has information about how strong of a password something like "????????" would be based on how hackers actually work.

Explanation / Answer

Technically, characters are just sequences of bytes. So while that character may look incredibly exotic to you, there's nothing special about it. It may occupy a few more bytes than, say, an ASCII character (depending on the encoding), but that's it.

Of course an attacker will probably start with the low-hanging fruit (words from a dictionary, digits-only, alphanumerics etc.). But after this, they may very well switch to raw bytes, and then the only thing which protects you is the actual entropy of your password. Where the bytes come from is irrelevant. Instead of your exotic Unicode characters, you might as well use an equal amount of ASCII chars.

Another problem with Unicode is that it's not fully supported by all applications. Some don't support it at all, others only support the BMP. That means there's a certain risk that your password will be mangled in some way -- if it's even accepted.

So to answer your question: Yes, there is a benefit if you assume that the attacker will only go after
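The points in the answer above can be checked numerically. The following is an added example, not part of the original answer: it compares the search space of eight Mandaic characters with eight printable ASCII characters, flags characters a BMP-only application would mangle, and shows how two encodings of the same visible text produce different hashes unless normalized. The sample passwords are constructed, and SHA-256 is only a stand-in for a verifier, not a recommended password hash.

```python
import hashlib
import math
import unicodedata

PRINTABLE_ASCII = 95  # space through tilde

def assigned_in_range(first: int, last: int) -> int:
    """Count code points in [first, last] that Unicode has assigned."""
    return sum(unicodedata.category(chr(cp)) != "Cn" for cp in range(first, last + 1))

def keyspace_bits(alphabet_size: int, length: int) -> float:
    """log2 of the number of length-symbol strings over the alphabet."""
    return length * math.log2(alphabet_size)

def outside_bmp(password: str) -> list[str]:
    """Characters a BMP-only application cannot store faithfully."""
    return [c for c in password if ord(c) > 0xFFFF]

def stored_hash(password: str, normalize: bool) -> str:
    """Stand-in verifier: SHA-256 of the UTF-8 bytes, optionally NFC first."""
    if normalize:
        password = unicodedata.normalize("NFC", password)
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

# Constructed sample: the first eight code points of the Mandaic block.
MANDAIC_PW = "".join(chr(0x0840 + i) for i in range(8))
MANDAIC_ALPHABET = assigned_in_range(0x0840, 0x085F)  # whole Mandaic block

# Constructed sample: same visible text, precomposed vs. combining accent.
COMPOSED = "caf\u00e9-pass"
DECOMPOSED = "cafe\u0301-pass"

if __name__ == "__main__":
    print("UTF-8 bytes:", len(MANDAIC_PW.encode("utf-8")))
    print("bits, attacker enumerates Mandaic block: %.1f"
          % keyspace_bits(MANDAIC_ALPHABET, 8))
    print("bits, 8 printable ASCII chars: %.1f"
          % keyspace_bits(PRINTABLE_ASCII, 8))
    print("non-BMP chars:", outside_bmp(MANDAIC_PW), outside_bmp("k\U0001F511"))
    print("raw hashes match:",
          stored_hash(COMPOSED, False) == stored_hash(DECOMPOSED, False))
    print("NFC hashes match:",
          stored_hash(COMPOSED, True) == stored_hash(DECOMPOSED, True))
```

Once an attacker includes the Mandaic block in a character-set attack, eight characters drawn from it give a smaller search space than eight printable ASCII characters, because the block has at most 32 code points.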
