PAP, CHAP, MS-CHAP 4.2 Flashcards
Point-to-Point Protocol (PPP Authentication)
If you need to authenticate on a point-to-point network (analog dial-up, ISDN), then you need PPP authentication. There are also derivatives of PPP: Point-to-Point Tunneling Protocol (PPTP) and Point-to-Point Protocol over Ethernet (PPPoE), used for DSL authentication. If you need to authenticate over non-Ethernet networks, you need PAP, CHAP, or MS-CHAP.
Password Authentication Protocol (PAP)
Old and not common to see; only used in legacy systems. Authentication is sent “in the clear”, with no encryption. It’s obviously a weak authentication scheme.
Challenge-Handshake Authentication Protocol (CHAP)
Created to provide more security than PAP. An encrypted challenge is sent over the network. It uses a three-way handshake: after the link is established, the server sends a challenge message. The client responds with a password hash calculated from the challenge and the password. The server compares the received hash with the stored hash. This process occurs again periodically during the connection without the user knowing it’s happening.
MS-CHAP
Microsoft’s version of CHAP. It’s not good: it has security issues related to its use of DES, and it’s relatively easy to brute force. People use L2TP, IPsec, or other secure VPN technology instead.