Authentication protocol: Difference between revisions

0928279937
Tags: Reverted Visual edit Mobile edit Mobile web edit
Reverted to revision 946112328 by HaeB (talk): Rv v, and the previous edits contravene MOS:NOSECTIONLINKS
Line 22:
[[File:PAP 2way handshake.png|thumb|PAP 2-way handshake scheme|461x461px]]
 
====PAP - [[Password Authentication Protocol]]====
[[Password Authentication Protocol]] is one of the oldest authentication protocols. Authentication is initialized by the client sending a packet with [[credentials]] (username and password) at the beginning of the connection, with the client repeating the authentication request until acknowledgement is received.<ref>{{cite web|url = http://data.cedupoint.cz/oppa_e-learning/2_KME/044.pdf|title = Autentizacní telekomunikacních a datových sítích|date = |accessdate = 31 October 2015|website = |publisher = CVUT Prague|last = Vanek|first = Tomas|archive-url = https://web.archive.org/web/20160304080620/http://data.cedupoint.cz/oppa_e-learning/2_KME/044.pdf|archive-date = 4 March 2016|url-status = dead}}</ref> It is highly insecure because credentials are sent "[[Plaintext|in the clear]]" and repeatedly, making it vulnerable even to the simplest attacks, such as [[eavesdropping]] and [[man-in-the-middle]]-based attacks. Although widely supported, it is specified that if an implementation offers a stronger authentication method, that method ''must'' be offered before PAP. Mixed authentication (e.g. the same client alternately using both PAP and CHAP) is also not expected, as the CHAP authentication would be compromised by PAP sending the password in plain text.
 
Line 29:
The authentication process in this protocol is always initialized by the server/host and can be performed at any time during the session, even repeatedly. The server sends a random string (usually 128B long). The client uses the password and the received string as inputs to the MD5 hash function and then sends the result together with the username in plain text. The server uses the username to apply the same function and compares the calculated hash with the received one. The authentication is then either successful or unsuccessful.
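
The challenge-response exchange described above, as an added example that is not part of the article: a minimal Python model of both sides, showing that the password never crosses the link and that a recorded response fails against a fresh challenge. The one-octet identifier and the field order inside the hash follow RFC 1994; the function names and the stored credential are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample credential store held by the server (illustrative values).
SECRETS = {"alice": b"correct horse"}


def new_challenge(size=128):
    """Server: pick a one-octet identifier and a fresh random challenge."""
    return os.urandom(1)[0], os.urandom(size)


def chap_response(ident, secret, challenge):
    """Client: MD5 over identifier || secret || challenge (RFC 1994 layout)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def server_verify(user, ident, challenge, response):
    """Server: recompute the hash from the stored secret and compare."""
    secret = SECRETS.get(user)
    if secret is None:
        return False
    expected = chap_response(ident, secret, challenge)
    return hmac.compare_digest(expected, response)


def demo():
    # Round 1: only username, identifier, challenge and hash cross the link.
    ident, challenge = new_challenge()
    response = chap_response(ident, SECRETS["alice"], challenge)
    on_wire = b"alice" + bytes([ident]) + challenge + response
    accepted = server_verify("alice", ident, challenge, response)
    # Round 2: the server re-authenticates with a new challenge, so the
    # response recorded in round 1 no longer matches.
    ident2, challenge2 = new_challenge()
    replay_accepted = server_verify("alice", ident2, challenge2, response)
    return {
        "accepted": accepted,
        "replay_accepted": replay_accepted,
        "password_on_wire": SECRETS["alice"] in on_wire,
    }


if __name__ == "__main__":
    print(demo())
```
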
 
====EAP - [[Extensible Authentication Protocol]]====
 
EAP was originally developed for PPP (Point-to-Point Protocol) but today is widely used in [[IEEE 802.3]], [[IEEE 802.11]] (WiFi) or [[IEEE 802.16]] as a part of the [[IEEE 802.1x]] authentication framework. The latest version is standardized in RFC 5247. The advantage of EAP is that it is only a general authentication framework for client-server authentication; the specific way of authentication is defined in its many versions, called EAP-methods. More than 40 EAP-methods exist; the most common are:
Line 72:
* [[Secure Remote Password protocol]] (SRP)
* [[RFID-Authentication Protocols]]
* [[Woo Lam 92 (protocol)928279937]]
* [[SAML]]