RFC Errata
Found 2 records.
Status: Verified (2)
RFC 2759, "Microsoft PPP CHAP Extensions, Version 2", January 2000
Source of RFC: pppext (int)
Errata ID: 391
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Andrew Roughan
Date Reported: 2002-08-26
Section 9.3 says:
0-to-256-unicode-char Password: 4D 79 50 77 16-octet PasswordHash: FC 15 6A F7 ED CD 6C 0E DD E3 33 7D 42 7F 4E AC
It should say:
0-to-256-char Password: 4D 79 50 77 0-to-256-unicode-char NtPassword: 4D 00 79 00 50 00 77 00 16-octet NtPasswordHash: FC 15 6A F7 ED CD 6C 0E DD E3 33 7D 42 7F 4E AC
Errata ID: 1924
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Alexey Melnikov
Date Reported: 2009-10-22
Verifier Name: Brian Haberman
Date Verified: 2012-05-09
Section 8.3 says:
NtPasswordHash(
IN 0-to-256-unicode-char Password,
OUT 16-octet PasswordHash )
{
/*
* Use the MD4 algorithm [5] to irreversibly hash Password
* into PasswordHash. Only the password is hashed without
* including any terminating 0.
*/
}
It should say:
NtPasswordHash(
IN 0-to-256-unicode-char Password,
OUT 16-octet PasswordHash )
{
/*
* Use the MD4 algorithm [5] to irreversibly hash Password
* encoded in UTF-16-LE into PasswordHash.
* Only the password is hashed without
* including any terminating 0.
*/
}
Notes:
Section 8.3 is silent on Unicode encoding used for passwords.
Section 9.2 seem to imply that the Unicode encoding used in UTF-16-LE.