MSCHAPv2 Question on maximum password size

Jouni Malinen j
Fri Aug 28 11:32:09 PDT 2009

On Thu, Jul 23, 2009 at 06:18:18PM +0800, Soh Kam Yung wrote:

> I am writing a C-based wpa_supplicant front end for a linux based
> system to join a WPA-Enterprise PEAP-MSCHAPv2 network.
> I looked at the MSCHAPv2 document []
> to determine the maximum char array size for the username and
> password.
> In Section 8 of the document, the Pseudocode mentions the following:
> IN  0-to-256-char         UserName
> IN  0-to-256-unicode-char Password
> For UserName, the maximum array size is 256 chars.
> But for Password, what should be the maximum char array size?

wpa_supplicant processes the password as binary data and assumes it is
using 8-bit characters, i.e., not 16-bit unicode that RFC 2759 is using.
Anyway, the maximum length of the password is 256 octets which will be
internally be converted into 16-bit unicode characters by adding 0x00

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list