MSCHAPv2 Question on maximum password size

Jouni Malinen j
Sun Sep 6 06:51:02 PDT 2009

On Tue, Sep 01, 2009 at 10:50:05AM +0800, Soh Kam Yung wrote:
> I just checked the wpa_supplicant configuration options.  Both
> identity and password fields are expected to be C-strings.  Does this
> mean that the NULL character cannot be part of both fields?  Could
> this be a problem?

No, neither identity nor password fields are C strings; they are
used as arbitrary binary data with a separate length field indicating
how many octets of data there are. You can use 0x00 octets in either if
you really want to (and are able to do the same at the authentication
server). If using the text-based configuration backend in
wpa_supplicant, you will need to encode such data as a hex string
instead of text string inside double quotation marks.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list