Authentication protocol: Difference between revisions

[[Password Authentication Protocol]] is one of the oldest authentication protocols. Authentication is initialized by the client sending a packet with [[credentials]] (username and password) at the beginning of the connection, with the client repeating the authentication request until acknowledgement is received.<ref>{{cite web|url = http://data.cedupoint.cz/oppa_e-learning/2_KME/044.pdf|title = Autentizacní telekomunikacních a datových sítích|date = |accessdate = 31 October 2015|website = |publisher = CVUT Prague|last = Vanek|first = Tomas|archive-url = https://web.archive.org/web/20160304080620/http://data.cedupoint.cz/oppa_e-learning/2_KME/044.pdf|archive-date = 4 March 2016|url-status = dead}}</ref> It is highly insecure because credentials are sent "[[Plaintext|in the clear]]" and repeatedly, making it vulnerable even to the most simple attacks like [[eavesdropping]] and [[man-in-the-middle]] based attacks. Although widely supported, it is specified that if an implementation offers a stronger authentication method, that method ''must'' be offered before PAP. Mixed authentication (e.g. the same client alternately using both PAP and CHAP) is also not expected, as the CHAP authentication would be compromised by PAP sending the password in plain-text.