Mac OSX + PEAP/MSCHAPv2 + Special characters in password

Phil Mayers p.mayers at
Wed May 14 17:03:11 CEST 2014

On 14/05/14 14:21, Olivier Beytrison wrote:
> On 14.05.2014 15:12, Phil Mayers wrote:
>> What locale are those OSX devices set to?
> fr_CH.UTF-8

They could be making the obvious mistake of treating the password as 
bytes rather than a unicode string, and generating "pseudo" utf-16-le by 
padding "xyz" to "x\x00y\x00z\x00"

The string:

test§ UTF-8 bytes 74657374c2a7 (note the "c2" in penultimate octet)

...but UTF-16-LE 7400650073007400a700

If they are making this obvious mistake, they're effectively generating 
the MD4/NT hash from "test§" instead of "test§". Might be possible to 
confirm this by changing the server-side password to the "wrong" one.

More information about the Freeradius-Users mailing list