MSCHAPv2 Question on maximum password size

Jouni Malinen j at w1.fi
Fri Aug 28 14:32:09 EDT 2009


On Thu, Jul 23, 2009 at 06:18:18PM +0800, Soh Kam Yung wrote:

> I am writing a C-based wpa_supplicant front end for a linux based
> system to join a WPA-Enterprise PEAP-MSCHAPv2 network.
> 
> I looked at the MSCHAPv2 document [http://tools.ietf.org/html/rfc2759]
> to determine the maximum char array size for the username and
> password.
> 
> In Section 8 of the document, the Pseudocode mentions the following:
> 
> IN  0-to-256-char         UserName
> IN  0-to-256-unicode-char Password
> 
> For UserName, the maximum array size is 256 chars.
> 
> But for Password, what should be the maximum char array size?

wpa_supplicant processes the password as binary data and assumes it is
using 8-bit characters, i.e., not 16-bit unicode that RFC 2759 is using.
Anyway, the maximum length of the password is 256 octets which will be
internally be converted into 16-bit unicode characters by adding 0x00
octets.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list