Is there a valid case for an empty password?

Weijun Wang at
Thu Oct 11 23:19:45 EDT 2018

We are planning to disallow empty passwords for PBKDF2 in JDK. However, some years ago I did receive a bug report to support empty passwords on Windows 200x. Is it really a valid password?


More information about the krbdev mailing list