Password Authentication Protocol: Difference between revisions

m Added a citation in the lead
Alandekok (talk | contribs)
The issue with PAP is not "PAP is insecure". The issue is that PPP does not encrypt or secure any of the PPP data. And PAP is carried inside of PPP. Further, the "geeks for geeks" site has a lot of misleading and/or incorrect statements about PAP versus CHAP.
Line 1:
'''Password Authentication Protocol''' ('''PAP''') is a [[password]]-based [[authentication protocol]] used by [[Point to Point Protocol|Point to Point Protocol (PPP)]] to validate users.<ref>{{Cite web|date=2018-07-17|title=Password Authentication Protocol (PAP)|url=https://www.geeksforgeeks.org/password-authentication-protocol-pap/|access-date=2020-11-08|website=GeeksforGeeks|language=en-US}}</ref> Almost all [[network operating system]] remote servers support PAP. PAP is specified in {{IETF RFC|1334}}.
 
Almost all [[network operating system]]s support PPP with PAP, as do most [[network access server]]s. PAP is also used in [[PPPoE]], for authenticating DSL users.
PAP is considered a weak authentication scheme (weak schemes are simple and have lighter [[overhead (computing)|computational overhead]] but are much more vulnerable to attack; while weak schemes may have limited application in some constrained environments, they are avoided in general). Among PAP's deficiencies is the fact that it transmits unencrypted passwords (i.e. in plain-text) over the network. PAP is therefore used only as a last resort when the remote server does not support a stronger scheme such as [[Challenge-handshake authentication protocol|CHAP]] or [[Extensible Authentication Protocol|EAP]].
 
As the [[Point to Point Protocol|Point to Point Protocol (PPP)]] sends data unencrypted and "in the clear", PAP is vulnerable to any attacker who can observe the PPP session. An attacker can see the users name, password, and any other information associated with the PPP session. Some additional security can be gained on the PPP link by using [[Challenge-handshake authentication protocol|CHAP]] or [[Extensible Authentication Protocol|EAP]].
 
PAP by itself is therefore considered a weak authentication scheme. Weak schemes are simpler and have lighter [[overhead (computing)|computational overhead]] than more complex schemes such as [[TLS|Transport Layer Security (TLS)]], but they are much more vulnerable to attack. While weak schemes are used where the transport layer is expected to be physically secure, such as a home DSL link. Where the transport layer is not physically secure a system such as [[TLS|Transport Layer Security (TLS)]] or [[IPSec|Internet Protocol Security (IPsec)]] is used instead.
 
===Other Uses of PAP===
 
PAP is also used to describe password authentication in other protocols such as [[RADIUS]] and [[Diameter]]. However, those protocols provide for transport or network layer security, and this do not have the security issues seen when PAP is used with PPP.
 
==Working cycle==
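Review bot: The added paragraph on weak schemes contains a sentence fragment, "While weak schemes are used where the transport layer is expected to be physically secure, such as a home DSL link.", which has no main clause; dropping "While", or joining it to the following sentence, would fix it. In the same change, "users name" should read "user's name", and "and this do not have" in the new section should read "and thus do not have". As shown here, the replacement lead no longer carries the RFC 1334 pointer or any other reference, and the new statements (that PPP sends data unencrypted, and that RADIUS and Diameter provide for transport or network layer security) are given without a source, so restoring the RFC link and citing each claim would be worth doing before this lands. The new heading "===Other Uses of PAP===" is a level-3 heading placed ahead of the first level-2 heading "==Working cycle=="; it would read better as a level-2 section in sentence case, positioned after the lead text.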