[RADIATOR] Unicode in nthash passwords

Stefan Paetow Stefan.Paetow at jisc.ac.uk
Mon May 11 18:57:38 UTC 2026


> > The system that feeds our database with NT hashes certainly does not
> > normalize to NFD (o_umlaut -> o + combining umlaut), as I have seen
> > precomposed characters with umlauts. I am not sure if it normalizes to
> > NFC or NFKC (o + combining umlaut -> o_umlaut), but I doubt it. In
> > fairness, Windows's password routines don't seem to perform any
> > normalization either.
>
> I think including normalization support is a good idea in general, but
> "don't normalize and hope for the best" should be one of the options.

Sadly, Windows with its 30+ year history and questionable encoding practices from the 16/32-bit era (with code pages and the lot) will always carry a lot of cruft with it, and I think where possible, Windows relies on its default encoding for the likes of the Umlauts (ä, ë, ï, ö, ü etc) because they exist in the extended ASCII table. Same happens for the GBP Sterling symbol (£) which is character 156 in extended ASCII (on CP437), but 163 in Unicode, ISO-8859-[1/3/7/9] and Windows-125[2-8].

I know the Yen and the Euro have similar issues. Euro shows up as character 128 in Windows-1252, but in extended ASCII that's a capital C-cedilla (Ç). The Euro is replaced by another character on specific Windows code pages and doesn't exist at all in ISO-8859: https://www.ascii-code.com/CP1252/128

So I'm all for identity providers to specify which encoding should be used. 

:-)

Stefan Paetow 
Federated Roaming Technical Specialist 
eduroam(UK), Jisc 

email/teams: stefan.paetow at jisc.ac.uk 
gpg: 0x3FCE5142 
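
The encoding and normalization choices discussed in this message, as an added example (not code from the post or from Radiator): it decodes the same received password bytes under several candidate encodings and normalization forms and reports which combinations reproduce a stored NT hash. The sample password, the byte strings and the function names are constructed for illustration; MD4 is implemented inline because hashlib's md4 is frequently unavailable.

```python
import struct
import unicodedata

def md4(data: bytes) -> bytes:
    # Pure-Python MD4 (RFC 1320); hashlib's md4 is often unavailable with OpenSSL 3.
    rol = lambda v, n: ((v << n) | (v >> (32 - n))) & 0xFFFFFFFF
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack("<Q", len(data) * 8)
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for i in range(48):
            if i < 16:
                f, k, s = (b & c) | (~b & d), i, (3, 7, 11, 19)[i % 4]
            elif i < 32:
                f = ((b & c) | (b & d) | (c & d)) + 0x5A827999
                k, s = (i % 4) * 4 + (i - 16) // 4, (3, 5, 9, 13)[i % 4]
            else:
                f = (b ^ c ^ d) + 0x6ED9EBA1
                k, s = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)[i - 32], (3, 9, 11, 15)[i % 4]
            a, b, c, d = d, rol((a + f + x[k]) & 0xFFFFFFFF, s), b, c
        h = [(v + w) & 0xFFFFFFFF for v, w in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)

def nt_hash(password: str, form=None) -> str:
    # NT hash = MD4 over the UTF-16LE code units, optionally after normalization.
    text = unicodedata.normalize(form, password) if form else password
    return md4(text.encode("utf-16-le")).hex()

def matching_policies(raw: bytes, stored: str, encodings=("utf-8", "cp1252", "cp437"),
                      forms=(None, "NFC", "NFD", "NFKC")):
    # Return every (encoding, normalization) pair under which raw verifies.
    hits = []
    for enc in encodings:
        try:
            text = raw.decode(enc)
        except UnicodeDecodeError:
            continue  # bytes are not valid in this encoding
        hits += [(enc, form) for form in forms if nt_hash(text, form) == stored]
    return hits

STORED = nt_hash("L\u00f6we\u00a31")               # constructed: hash of precomposed "Löwe£1"
AS_CP1252 = b"L\xf6we\xa31"                         # £ is 0xA3 (163)
AS_CP437 = b"L\x94we\x9c1"                          # £ is 0x9C (156)
AS_UTF8_NFD = "Lo\u0308we\u00a31".encode("utf-8")   # o + combining diaeresis

if __name__ == "__main__":
    for name, raw in (("cp1252", AS_CP1252), ("cp437", AS_CP437), ("utf-8 NFD", AS_UTF8_NFD)):
        print(name, matching_policies(raw, STORED))
```

Each byte string verifies only under its own encoding, and the decomposed UTF-8 input verifies only when NFC or NFKC is applied, so the "don't normalize" option fails for that client.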
