Sorry, my mail program tricked me and used the wrong destination address. ---------- Weitergeleitete Nachricht ----------
Betreff: Re: smbencrypt calculates false hash for German umlauts and other non-ASCII letters Datum: Samstag 07 September 2013, 19:13:17 Von: Matthias Nagel <matthias.h.na...@gmail.com> An: Alan DeKok <al...@deployingradius.com> Hello everybody, as it was me who came up with the issue. The password must be encoded as UTF-16 in little endian and then the MD4 is calculated. For example: Assume one uses "smbencrypt" from command line interface in order to calculate the hash. The linux console is set up to use "en-US.utf8". Then, at first a character encoding into UTF-16 little endian is necessary, and in a second step the MD4 hash can be calculated. Matthias Am Samstag 07 September 2013, 12:10:38 schrieben Sie: > Arran Cudbard-Bell wrote: > > Can't we assume src as UTF8 for NAI (RFC4282)? > > Ha, ha, ha, ha <cough>. 4282 is wrong. And no one implements any of it. > > The MS-CHAP RFCs are silent on the subject of character encoding. The > unofficial word from Microsoft is "MS-CHAP uses the local encoding". > > Ok... what's that? > > <hysterical laughter> No one knows. And there's no way to find out. > > And UTF-8 uses up to 5 octets for a character. MS-CHAP requires no > more than 2. > > There is *no* way to do the right thing. You can get close. > Sometimes. Maybe. But doing the right thing always? Impossible. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ---------------------------------------------------------------------- Matthias Nagel Parkstraße 27 76131 Karlsruhe Mobil: +49-151-15998774 e-Mail: matthias.h.na...@gmail.com ICQ: 499797758 Skype: nagmat84 ------------------------------------------------------------- ---------------------------------------------------------------------- Matthias Nagel Parkstraße 27 76131 Karlsruhe Mobil: +49-151-15998774 e-Mail: matthias.h.na...@gmail.com ICQ: 499797758 Skype: nagmat84 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html