I recently set up my wirless network connection using netctl (which, itself uses wpa_supplicant) and stumbled upon the issue, that I would have to save my wireless password as plaintext.
After some search I found the little tool nt_password_hash which can be build from hostapd sources. I grapped the hostapd PKGBUILD and changed it to build and install only the nt_password_hash tool. (via this german discussion)
The new PKGBUILD can be found in the AUR: https://aur.archlinux.org/packages/host … word_hash/
So when using a WPA-EAP wirless network with MSCHAPv2 or MSCHAP one can use
# nt_password_hash MY_SECRET_PASSWORD
to generate a 16 digit MD4 hash and store that hash instead of the plaintext password to your wpa_supplicant.conf or netctl/netcfg configsection.
I hope I have done everything right with the PKGBUILD