<div dir="ltr">Yes sorry, you're right, the issue starts with the null code point. Python seems to have problems starting there too. It might work if we took that out.</div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Wed, Jul 16, 2014 at 11:17 AM, Andreas Schildbach <span dir="ltr"><<a href="mailto:andreas@schildbach.de" target="_blank">andreas@schildbach.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Guys, you are always talking about the Unicode astral plane, but in fact<br>
its a plain old (ASCII) control character where this problem starts and<br>
likely ends: \u0000.<br>
<br>
Let's ban/filter ISO control characters and be done with it. Most<br>
control characters will never be enterable by any keyboard into a<br>
password field. Of course I assume that Character.isISOControl() works<br>
consistently across platforms.<br>
<br>
<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Character.html#isISOControl%28char%29" target="_blank">http://docs.oracle.com/javase/7/docs/api/java/lang/Character.html#isISOControl%28char%29</a><br>
<div class="HOEnZb"><div class="h5"><br>
<br>
On 07/16/2014 12:23 AM, Aaron Voisine wrote:<br>
> If the user creates a password on an iOS device with an astral<br>
> character and then can't enter that password on a JVM wallet, that<br>
> sucks. If JVMs really can't support unicode NFC then that's a strong<br>
> case to limit the spec to the subset of unicode that all popular<br>
> platforms can support, but it sounds like it might just be a JVM<br>
> string library bug that could hopefully be reported and fixed. I get<br>
> the same result as in the test case using apple's<br>
> CFStringNormalize(passphrase, kCFStringNormalizationFormC);<br>
><br>
> Aaron Voisine<br>
> <a href="http://breadwallet.com" target="_blank">breadwallet.com</a><br>
><br>
><br>
> On Tue, Jul 15, 2014 at 11:20 AM, Mike Hearn <<a href="mailto:mike@plan99.net">mike@plan99.net</a>> wrote:<br>
>> Yes, we know, Andreas' code is indeed doing normalisation.<br>
>><br>
>> However it appears the output bytes end up being different. What I get back<br>
>> is:<br>
>><br>
>> cf930001303430300166346139<br>
>><br>
>> vs<br>
>><br>
>> cf9300f0909080f09f92a9<br>
>><br>
>> from the spec.<br>
>><br>
>> I'm not sure why. It appears this is due to the character from the astral<br>
>> planes. Java is old and uses 16 bit characters internally - it wouldn't<br>
>> surprise me if there's some weirdness that means it doesn't/won't support<br>
>> this kind of thing.<br>
>><br>
>> I recommend instead that any implementation that wishes to be compatible<br>
>> with JVM based wallets (I suspect Android is the same) just refuse any<br>
>> passphrase that includes characters outside the BMP. At least unless someone<br>
>> can find a fix. I somehow doubt this will really hurt anyone.<br>
>><br>
>> ------------------------------------------------------------------------------<br>
>> Want fast and easy access to all the code in your enterprise? Index and<br>
>> search up to 200,000 lines of code with a free copy of Black Duck<br>
>> Code Sight - the same software that powers the world's largest code<br>
>> search on Ohloh, the Black Duck Open Hub! Try it now.<br>
>> <a href="http://p.sf.net/sfu/bds" target="_blank">http://p.sf.net/sfu/bds</a><br>
>> _______________________________________________<br>
>> Bitcoin-development mailing list<br>
>> <a href="mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-development@lists.sourceforge.net</a><br>
>> <a href="https://lists.sourceforge.net/lists/listinfo/bitcoin-development" target="_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-development</a><br>
>><br>
><br>
> ------------------------------------------------------------------------------<br>
> Want fast and easy access to all the code in your enterprise? Index and<br>
> search up to 200,000 lines of code with a free copy of Black Duck<br>
> Code Sight - the same software that powers the world's largest code<br>
> search on Ohloh, the Black Duck Open Hub! Try it now.<br>
> <a href="http://p.sf.net/sfu/bds" target="_blank">http://p.sf.net/sfu/bds</a><br>
><br>
<br>
<br>
<br>
------------------------------------------------------------------------------<br>
Want fast and easy access to all the code in your enterprise? Index and<br>
search up to 200,000 lines of code with a free copy of Black Duck<br>
Code Sight - the same software that powers the world's largest code<br>
search on Ohloh, the Black Duck Open Hub! Try it now.<br>
<a href="http://p.sf.net/sfu/bds" target="_blank">http://p.sf.net/sfu/bds</a><br>
_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href="mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-development@lists.sourceforge.net</a><br>
<a href="https://lists.sourceforge.net/lists/listinfo/bitcoin-development" target="_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-development</a><br>
</div></div></blockquote></div><br></div>