Revision as of 19:24, 13 April 2022 edit Alandekok (talk \| contribs) 47 edits Add text on trade-offs between PPP/PAP and password storage methods. ← Previous edit		Revision as of 03:08, 14 April 2022 edit undo Dawnseeker2000 (talk \| contribs) Autopatrolled, Extended confirmed users, File movers, New page reviewers, Pending changes reviewers, Rollbackers 535,883 edits m Disambiguating links to TLS (link changed to Transport Layer Security; link changed to Transport Layer Security) using DisamAssist. Next edit →
Line 5: As the [[Point to Point Protocol\|Point to Point Protocol (PPP)]] sends data unencrypted and "in the clear", PAP is vulnerable to any attacker who can observe the PPP session. An attacker can see the users name, password, and any other information associated with the PPP session. Some additional security can be gained on the PPP link by using [[Challenge-handshake authentication protocol\|CHAP]] or [[Extensible Authentication Protocol\|EAP]]. However, there are always tradeoffs when choosing an authentication method, and there is no single answer for which is more secure. When PAP is used in PPP, it is considered a weak authentication scheme. Weak schemes are simpler and have lighter [[overhead (computing)\|computational overhead]] than more complex schemes such as [[~~TLS~~Transport Layer Security\|Transport Layer Security (TLS)]], but they are much more vulnerable to attack. While weak schemes are used where the transport layer is expected to be physically secure, such as a home DSL link. Where the transport layer is not physically secure a system such as [[~~TLS~~Transport Layer Security\|Transport Layer Security (TLS)]] or [[IPSec\|Internet Protocol Security (IPsec)]] is used instead. ===Other Uses of PAP===

Password Authentication Protocol: Difference between revisions