Mac OSX + PEAP/MSCHAPv2 + Special characters in password

Stefan Paetow Stefan.Paetow at
Wed May 14 17:36:41 CEST 2014

Unfortunately all too much software makes that mistake. :-/


-----Original Message-----
From: at [ at] On Behalf Of Phil Mayers
Sent: 14 May 2014 16:03
To: freeradius-users at
Subject: Re: Mac OSX + PEAP/MSCHAPv2 + Special characters in password

On 14/05/14 14:21, Olivier Beytrison wrote:
> On 14.05.2014 15:12, Phil Mayers wrote:
>> What locale are those OSX devices set to?
> fr_CH.UTF-8

They could be making the obvious mistake of treating the password as bytes rather than a unicode string, and generating "pseudo" utf-16-le by padding "xyz" to "x\x00y\x00z\x00"

The string:

test§ UTF-8 bytes 74657374c2a7 (note the "c2" in penultimate octet)

...but UTF-16-LE 7400650073007400a700

If they are making this obvious mistake, they're effectively generating the MD4/NT hash from "test§" instead of "test§". Might be possible to confirm this by changing the server-side password to the "wrong" one.
List info/subscribe/unsubscribe? See

Janet(UK) is a trading name of Jisc Collections and Janet Limited, a 
not-for-profit company which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238

More information about the Freeradius-Users mailing list