OK, not even close to a programming question, but I'll answer it anyway.
The policy for what is and is not allowable in a password is decided by the individual application/website etc.
So long as the characters are valid input for a password, they can be brute-forced just as easily as any other character. A short password with strange characters is still many times weaker than a longer password made from alphanumeric characters.
这取决于很多因素,包括哪个程序接受密码、它们存储密码的位置和方式、服务器和客户端运行的平台以及其他可能的平台。您可以使用此密码从 Windows 客户端登录,但不能从 Unix 客户端登录(反之亦然)。如果这是一个网络应用程序,它可能可以在一种浏览器上运行,但不能在另一种浏览器上运行。或者它在英语机器和日语机器上的工作方式可能不同。
我建议不要这样做。想出安全的 7 位 ASCII 密码很容易,但实际上没有必要走这条路。
It would depend a bunch of things, including what program is accepting the password, where and how are they storing it, what platforms the server and client are running on, and likely others. You may be able to log in using this password from a Windows client but not Unix (or vice versa). If this is a web app, it might work on one browser but not another. Or it might work differently on an English machine vs. a Japanese machine.
I would recommend against this. It's easy enough to come up with secure 7-bit ASCII passwords that going down this road isn't really necessary.
If the question is "can I use these," then the answer is "maybe." You will need to test them thoroughly to make sure that your application(s) support extended ASCII characters in passwords. If you use various operating systems or mixed-language systems, it's somewhat less likely that they'll be compatible because you start getting into different issues with encodings. There are many versions of the so-called extended ASCII set and they can be represented very differently.
If the question is "are these more secure," then the answer is "not really." Sure, increasing the number of characters that can potentially be included in a password increases its entropy value and increases the amount of time it would take for password-cracking software to crack the password. However, in practice, it's relatively unlikely that you'll see much difference by adding 5 or 6 extra characters. You can get a sufficient level of security with the password complexity requirements that are already well-supported, and tactics like increasing the minimum length of your password (perhaps to something like a pass phrase, rather than a simple word) will make cracking much more difficult than a few additional characters.
Also see the documentation for passwords in Windows Server:
An example of a strong password is J*p2leO4>F.
A password can meet most of the criteria of a strong password but still be rather weak. For example, Hello2U! is a relatively weak password even though it meets most of the criteria for a strong password and also meets the complexity requirements of password policy. H!elZl2o is a strong password because the dictionary word is interspersed with symbols, numbers, and other letters. It is important to educate users about the benefits of using strong passwords and to teach them how to create passwords that are actually strong.
You can create passwords that contain characters from the extended ASCII character set. Using extended ASCII characters increases the number of characters that you can choose when you create a password. As a result, it might take more time for password-cracking software to crack passwords that contain these extended ASCII characters than it does to crack other passwords. Before using extended ASCII characters in your password, test them thoroughly to make sure that passwords containing extended ASCII characters are compatible with the applications that your organization uses. Be especially cautious about using extended ASCII characters in passwords if your organization uses several different operating systems.
You can find extended ASCII characters in Character Map. Some extended ASCII characters should not be used in passwords. Do not use a character if a keystroke is not defined for it in the lower-right corner of the Character Map dialog box. For more information about how to use Character Map, see Using Character Map.
发布评论
评论(3)
好吧,甚至还没有接近编程问题,但无论如何我都会回答它。
OK, not even close to a programming question, but I'll answer it anyway.
这取决于很多因素,包括哪个程序接受密码、它们存储密码的位置和方式、服务器和客户端运行的平台以及其他可能的平台。您可以使用此密码从 Windows 客户端登录,但不能从 Unix 客户端登录(反之亦然)。如果这是一个网络应用程序,它可能可以在一种浏览器上运行,但不能在另一种浏览器上运行。或者它在英语机器和日语机器上的工作方式可能不同。
我建议不要这样做。想出安全的 7 位 ASCII 密码很容易,但实际上没有必要走这条路。
It would depend a bunch of things, including what program is accepting the password, where and how are they storing it, what platforms the server and client are running on, and likely others. You may be able to log in using this password from a Windows client but not Unix (or vice versa). If this is a web app, it might work on one browser but not another. Or it might work differently on an English machine vs. a Japanese machine.
I would recommend against this. It's easy enough to come up with secure 7-bit ASCII passwords that going down this road isn't really necessary.
如果问题是“我可以使用这些”,那么答案是“也许”。您需要彻底测试它们,以确保您的应用程序支持密码中的扩展 ASCII 字符。如果您使用各种操作系统或混合语言系统,它们兼容的可能性就较小,因为您开始遇到不同的编码问题。所谓的扩展 ASCII 集有许多版本,它们的表示方式也有很大不同。
如果问题是“这些更安全吗”,那么答案是“不是真的。”当然,增加密码中可能包含的字符数会增加其熵值并增加数量密码破解软件破解密码需要一定的时间。然而,实际上,通过添加 5 或 6 个额外字符,您不太可能看到很大的差异。通过已经得到良好支持的密码复杂性要求以及增加密码最小长度等策略(可能类似于密码短语,而不是简单的密码),您可以获得足够的安全级别。 word)将使破解比几个额外的字符困难得多。
另请参阅文档了解 Windows Server 中的密码:
If the question is "can I use these," then the answer is "maybe." You will need to test them thoroughly to make sure that your application(s) support extended ASCII characters in passwords. If you use various operating systems or mixed-language systems, it's somewhat less likely that they'll be compatible because you start getting into different issues with encodings. There are many versions of the so-called extended ASCII set and they can be represented very differently.
If the question is "are these more secure," then the answer is "not really." Sure, increasing the number of characters that can potentially be included in a password increases its entropy value and increases the amount of time it would take for password-cracking software to crack the password. However, in practice, it's relatively unlikely that you'll see much difference by adding 5 or 6 extra characters. You can get a sufficient level of security with the password complexity requirements that are already well-supported, and tactics like increasing the minimum length of your password (perhaps to something like a pass phrase, rather than a simple word) will make cracking much more difficult than a few additional characters.
Also see the documentation for passwords in Windows Server: