Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use the NIST publication for better password validation #37

Open
Vlix opened this issue Dec 23, 2020 · 2 comments
Open

Use the NIST publication for better password validation #37

Vlix opened this issue Dec 23, 2020 · 2 comments
Labels
enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed

Comments

@Vlix
Copy link
Collaborator

Vlix commented Dec 23, 2020

@agentultra shared an interesting PDF of the NIST about how to go about handling and enforcing passwords (memorized secrets) and it has some interesting guidelines that make a lot of sense that could be implemented in the Data.Password.Validate module. (I've only really looked at a bit of chapter 5.1, but there're some good things in there)

I'd like to keep this issue open for discussion and coordination when someone wants to pick this up.

@cdepillabout
Copy link
Owner

It sounds like this could be a good first issue. The amount of modifications that would need to be done in our code-base are probably pretty small (although you would need to take time to understand the recommendations from the PDF).

@cdepillabout cdepillabout added good first issue Good for newcomers enhancement New feature or request help wanted Extra attention is needed labels Dec 24, 2020
@Vlix
Copy link
Collaborator Author

Vlix commented Dec 28, 2020

I've found a library that might help with allowing Unicode: https://hackage.haskell.org/package/unicode-transforms
Not sure it "normalizes" the given Text to the NIST correct form, but just leaving this here for posterity.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed
Projects
None yet
Development

No branches or pull requests

2 participants