Using SHA512 hash for EAP-MSCHAPv2

Alan DeKok aland at
Fri Aug 24 14:16:48 CEST 2018

On Aug 24, 2018, at 1:42 AM, Lukas Nuth <l.nuth at> wrote:
> Is it possible to authenticate a client with PEAP-MSCHAPv2 when I store the password in a MySQL database as a SHA512 hash?


> Or is there another way to authenticate the client? The password should be stored as a SHA512 hash.

  TTLS with embedded PAP.  That's it.

> The client supports EAP-TLS, EAP-TTLS, LEAP and PEAP, and for phase 2: PEAP-MSCHAPv2 and PEAP-TLS, or EAP-TTLS with CHAP, MSCHAP, MSCHAPv2, PAP and MD5.

  Don't use LEAP for anything.  It's insecure.

  Alan DeKok.
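
Added example (not part of the original message, and not FreeRADIUS code): why a stored SHA512 hash works with PAP inside the TTLS tunnel but not with a challenge-response method. CHAP (RFC 1994) stands in for the challenge-response family here; MSCHAPv2 fails for the same reason, since its response is computed from the NT hash of the password, which cannot be derived from a SHA512 hash. All function names and the sample password are constructed for illustration.

```python
import hashlib
import hmac


def sha512_hex(password: str) -> str:
    """What the database holds: hex SHA512 of the password (as in the question)."""
    return hashlib.sha512(password.encode("utf-8")).hexdigest()


def verify_pap(stored_sha512_hex: str, received_password: str) -> bool:
    """PAP hands the server the cleartext (protected by the TTLS tunnel),
    so the server can hash it and compare against the stored value."""
    candidate = sha512_hex(received_password)
    return hmac.compare_digest(candidate, stored_sha512_hex.lower())


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: MD5(ID || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def verify_chap(server_secret: bytes, ident: int, challenge: bytes,
                response: bytes) -> bool:
    """The server must recompute the response from the secret it holds."""
    expected = chap_response(ident, server_secret, challenge)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    password = "correct horse"        # constructed sample password
    stored = sha512_hex(password)     # the only thing in the database
    ident, challenge = 1, bytes(range(16))  # fixed so the run is repeatable
    # The client computes its response from the real password.
    client_resp = chap_response(ident, password.encode(), challenge)
    return {
        "pap_correct_password": verify_pap(stored, password),
        "pap_wrong_password": verify_pap(stored, "wrong"),
        # Works only if the server keeps the cleartext password.
        "chap_server_has_cleartext": verify_chap(
            password.encode(), ident, challenge, client_resp),
        # With only the SHA512 hash, the server cannot rebuild the response.
        "chap_server_has_sha512_only": verify_chap(
            stored.encode(), ident, challenge, client_resp),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```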
