Is there a valid case for an empty password?

Weijun Wang at
Thu Oct 11 23:25:53 EDT 2018

I checked the history, sorry for blaming Windows. It was requested by an embedded server vendor.

> On Oct 12, 2018, at 11:19 AM, Weijun Wang < at> wrote:
> We are planning to disallow empty passwords for PBKDF2 in JDK. However, some years ago I did receive a bug report to support empty passwords on Windows 200x. Is it really a valid password?
> Thanks
> Max

More information about the krbdev mailing list