Because it's encrypted with the same method as User-Password,
BUT it contains binary data. So it may have embedded zeros.
Which means the decoder needs to make it a fixed length,
instead of looking for zeros
ATTRIBUTE MS-RAS-Vendor 9 integer # content is Vendor-ID
ATTRIBUTE MS-CHAP-Domain 10 string
ATTRIBUTE MS-CHAP-Challenge 11 octets
-ATTRIBUTE MS-CHAP-MPPE-Keys 12 octets encrypt=1
+ATTRIBUTE MS-CHAP-MPPE-Keys 12 octets[24] encrypt=1
ATTRIBUTE MS-BAP-Usage 13 integer
ATTRIBUTE MS-Link-Utilization-Threshold 14 integer # values are 1-100
ATTRIBUTE MS-Link-Drop-Time-Limit 15 integer