MSCHAPv2 Question on maximum password size

Soh Kam Yung sohkamyung at
Mon Aug 31 22:50:05 EDT 2009

On Sat, Aug 29, 2009 at 2:00 PM, Alan DeKok<aland at> wrote:
> Jouni Malinen wrote:
>> wpa_supplicant processes the password as binary data and assumes it is
>> using 8-bit characters, i.e., not 16-bit unicode that RFC 2759 is using.
>> Anyway, the maximum length of the password is 256 octets which will be
>> internally be converted into 16-bit unicode characters by adding 0x00
>> octets.
>  Which is probably the best solution, even if the input is UTF-8.
> Converting the UTF-8 to Microsofts version of UCS2 is awkward, to say
> the least.
>  I've talked with Microsoft about this (at IETF), and their conclusion
> was that the simple conversion was probably the best.  They weren't even
> sure if different versions of Windows acted consistently.  Apparently
> there are multiple implementations of the MSCHAP code, even inside of
> Microsoft.
>  Alan DeKok.

Jouni, Alan,

Thanks for the feedback.

So, wpa_supplicant is expecting at most 256 octets (bytes) for the
password. I will use this at the limit for the entry field in my
application also.

I just checked the wpa_supplicant configuration options.  Both
identity and password fields are expected to be C-strings.  Does this
mean that the NULL character cannot be part of both fields?  Could
this be a problem?

Soh Kam Yung
my Google Reader Shared links:
my Google Reader Shared SFAS links:

More information about the HostAP mailing list