check MSCHAPV2 authenticator response

Jouni Malinen jkmaline
Thu Aug 10 20:03:59 PDT 2006

On Thu, Aug 10, 2006 at 01:37:58PM -0700, Andrew wrote:
> For the MSChapV2 protocol the Authenticator Response is 42 bit,
> according to RFC 2759, Sect. 8.7.

Please take a closer look at how the response is encoded. The digest is
calculated using SHA-1 which uses 160-bit (20 byte) hash value. Encoding
converts this to a hex string (2 characters per 8 bits of data). With
the added S= prefix, this is total of 42 characters.

> What is the reason, in file  eap_mschapv2.c, eap_ttls.c, only 20 bits
> are checked?
> in line 
>             memcmp(data->auth_response, recv_response, 20) != 0)

Because the real response data is only 20 bytes long (160-bit SHA-1 hash

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list