smbencrypt calculates false hash for German umlauts and other non-ASCII letters

Arran Cudbard-Bell a.cudbardb at freeradius.org
Sat Sep 7 17:57:05 CEST 2013


On 7 Sep 2013, at 16:43, Alan DeKok <aland at deployingradius.com> wrote:

> Matthias Nagel wrote:
>> Hi Phil,
>>> Probably a fairly trivial patch if you feel like it ;o)
>> I had a quick glace at the source code and I found two files named "smbencrypt.c". If you give me a hint, which is the correct file to start with, I will brosw the source code from that point and see what I can do. But probably not before next month.
> 
>  Please check src/modules/rlm_mschap/smbencrypt.c
> 
>  The main issue is that there is *no* character set information in the
> MS-CHAP calculations.  The character set could be UTF-8, or any
> non-standard 16-bit encoding.  So the calculation of the NT hash will
> depend on the character set... which is largely secret.
> 
>  This makes it very difficult to create the *correct* NT hash.

Can't we assume src as UTF8 for NAI (RFC4282)?

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team



More information about the Freeradius-Users mailing list