I recently started web development using Django. While working on the user registration page, I was researching a few things about passwords.
Web sites generally place restrictions on the characters that can be used in passwords. For example, spaces or angle brackets cannot be used.
Because all inputs are cleaned and hashed before they are stored in the database, using any printable ASCII characters in a password shouldn't really be a problem... right? Or am I missing anything?
You're not missing anything. Most of the time, the only reason to exclude spaces or any printable ASCII character is because of bad coding.
The other times, it's for disambiguation of similar-looking characters for autogenerated passwords (I-l-1, O-0, etc.).
Your only concern with contents of passwords should be about Unicode normalization. There are subtle differences in the Unicode symbols generated by different operating systems — for example, some might encode letters like "à" as a single character (U+00E0), while others might produce "à" (two characters: the plain latin letter a, followed by the combining grave accent character U+0300). You should normalize Unicode passwords before hashing them in order to make sure that when your users type their passwords on different operating systems, such differences would not prevent them from gaining access to their accounts.
>>> a1 = u'à'
>>> a2 = u'à'
>>> a1
u'\xe0'
>>> a2
u'a\u0300'
>>> a1 == a2
False
>>> from unicodedata import normalize
>>> normalize('NFC', a1) == normalize('NFC', a2)
True
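The normalization step from the answer above, applied before hashing, as an added example that is not part of the original answer. PBKDF2-HMAC-SHA256, the iteration count, the function names and the sample password are assumptions of this example.

```python
import hashlib
import hmac
import os
import unicodedata

ITERATIONS = 600_000  # assumption for this example; tune for your hardware


def canonical_bytes(password, form="NFC"):
    """Normalize to one Unicode form, then encode, so equal-looking input hashes equally."""
    return unicodedata.normalize(form, password).encode("utf-8")


def hash_password(password, salt=None, normalize=True):
    """Return (salt, digest) using PBKDF2-HMAC-SHA256 over the password bytes."""
    salt = os.urandom(16) if salt is None else salt
    # normalize=False exists only to show the failure mode the answer warns about.
    data = canonical_bytes(password) if normalize else password.encode("utf-8")
    return salt, hashlib.pbkdf2_hmac("sha256", data, salt, ITERATIONS)


def verify_password(candidate, salt, expected, normalize=True):
    """Re-derive the digest for the candidate and compare in constant time."""
    _, digest = hash_password(candidate, salt, normalize)
    return hmac.compare_digest(digest, expected)


# Constructed sample input: the same visible password typed on two systems.
# The space is kept on purpose; it needs no special handling before hashing.
COMPOSED = "caf\u00e0 latte"      # "à" as the single code point U+00E0
DECOMPOSED = "cafa\u0300 latte"   # "a" followed by combining grave U+0300

if __name__ == "__main__":
    salt, stored = hash_password(COMPOSED)
    print("with normalization:   ", verify_password(DECOMPOSED, salt, stored))
    salt, stored = hash_password(COMPOSED, normalize=False)
    print("without normalization:",
          verify_password(DECOMPOSED, salt, stored, normalize=False))
```

The same normalization has to run at registration, login and password change; a hash stored from un-normalized input will only match the exact code point sequence it was created from.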