As the [[Point-to-Point Protocol]] (PPP) sends data unencrypted and "in the clear", PAP is vulnerable to any attacker who can observe the PPP session. An attacker can see the user's name, password, and any other information associated with the PPP session. Some additional security can be gained on the PPP link by using [[Challenge-Handshake Authentication Protocol|CHAP]] or [[Extensible Authentication Protocol|EAP]]. However, there are always tradeoffs when choosing an authentication method, and there is no single answer for which is more secure.
When PAP is used in PPP, it is considered a weak authentication scheme. Weak schemes are simpler and have lighter [[overhead (computing)|computational overhead]] than more complex schemes, such as [[Transport Layer Security]] (TLS), but they are much more vulnerable to attack.
==Other uses of PAP==
==Benefits of PAP==
When the client sends a clear-text password, the authentication server will receive it, and compare it to a "known good" password. Since the authentication server has received the password in clear-text, the [[Password#
As a result, while PAP passwords are less secure when sent over a PPP link, they allow for more secure storage "at rest" than with other methods such as [[Challenge-handshake authentication protocol|CHAP]].
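The storage tradeoff described above, as an added example that is not part of the original article: a server parses a PAP Authenticate-Request (packet layout per RFC 1334) and checks the clear-text password against a salted PBKDF2 hash, while the CHAP MD5 response (RFC 1994) can only be recomputed by a server that holds the secret itself. The helper names, the iteration count and the sample credentials are assumptions constructed for illustration.

```python
import hashlib, hmac, os, struct

ITERATIONS = 200_000  # assumed work factor for this illustration

def parse_pap_request(pkt: bytes):
    """Parse a PAP Authenticate-Request: Code=1, Identifier, Length, Peer-ID, Password."""
    if len(pkt) < 6:
        raise ValueError("packet too short")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if code != 1 or length < 6 or length > len(pkt):
        raise ValueError("not a valid Authenticate-Request")
    body = pkt[4:length]
    id_len = body[0]
    if 1 + id_len >= len(body):
        raise ValueError("Peer-ID length exceeds packet")
    pw_len = body[1 + id_len]
    password = body[2 + id_len:2 + id_len + pw_len]
    if len(password) != pw_len:
        raise ValueError("Password length exceeds packet")
    return ident, body[1:1 + id_len], password

def hash_password(password: bytes, salt: bytes = None):
    """Return (salt, derived key); only this pair is stored at rest."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS)

_DUMMY = hash_password(b"dummy")  # hashed for unknown users to even out timing

def verify_pap(pkt: bytes, store: dict) -> bool:
    """PAP: the received clear-text password is hashed and compared; no plaintext is stored."""
    _, peer_id, password = parse_pap_request(pkt)
    salt, expected = store.get(peer_id, _DUMMY)
    ok = hmac.compare_digest(hash_password(password, salt)[1], expected)
    return ok and peer_id in store

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP MD5 response: the server needs `secret` in recoverable form to recompute it."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def build_pap_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    """Build a constructed sample packet for exercising the parser."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body

if __name__ == "__main__":
    store = {b"alice": hash_password(b"correct horse")}  # constructed credentials
    print(verify_pap(build_pap_request(7, b"alice", b"correct horse"), store))
```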
==Working cycle==
PAP authentication is only done at the time of the initial link establishment, and verifies the identity of the client using a [[
#Client sends username and password. This is sent repeatedly until a response is received from the server.
[[Category:Internet protocols]]
[[Category:Authentication protocols]]