Authentication protocol: Difference between revisions

Protocols are used mainly by [[Point-to-Point Protocol]] (PPP) servers to validate the identity of remote clients before granting them access to server data. Most of them use a password as the cornerstone of the authentication. In most cases, the password has to be shared between the communicating entities in advance.<ref>{{cite web|url = http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.45.6423&rep=rep1&type=pdfdocument|title = Public-key cryptography and password protocols|date = |accessdate = 31 October 2015|website = citeseerx.ist.psu.edu|publisher = |last = Halevi|first = Shai|citeseerx = 10.1.1.45.6423}}</ref>

[[Password Authentication Protocol]] is one of the oldest authentication protocols. Authentication is initialized by the client sending a packet with [[credentials]] (username and password) at the beginning of the connection, with the client repeating the authentication request until acknowledgement is received.<ref>{{cite web|url = http://data.cedupoint.cz/oppa_e-learning/2_KME/044.pdf|title = Autentizacní telekomunikacních a datových sítích|date = |accessdate = 31 October 2015|website = |publisher = CVUT Prague|last = Vanek|first = Tomas|archive-url = https://web.archive.org/web/20160304080620/http://data.cedupoint.cz/oppa_e-learning/2_KME/044.pdf|archive-date = 4 March 2016|url-status = dead}}</ref> It is highly insecure because credentials are sent "[[Plaintext|in the clear]]" and repeatedly, making it vulnerable even to the most simple attacks like [[eavesdropping]] and [[man-in-the-middle]] based attacks. Although widely supported, it is specified that if an implementation offers a stronger authentication method, that method ''must'' be offered before PAP. Mixed authentication (e.g. the same client alternately using both PAP and CHAP) is also not expected, as the CHAP authentication would be compromised by PAP sending the password in plain-text.