Solved

why is PAP more secure than CHAP?

Posted on 2010-09-14
1
585 Views
Last Modified: 2012-05-10
What are the features that make PAP security better than CHAP security?
0
Comment
Question by:matthewharris38
1 Comment
 
LVL 38

Accepted Solution

by:
Adam Brown earned 125 total points
ID: 33674276
Actually, PAP is much *less* security than CHAP, because PAP actually sends authentication information unencrypted over the network (Please read the wiki on PAP: http://en.wikipedia.org/wiki/Password_authentication_protocol). Unless clients are using Windows 95 or some other really old client OS to connect remotely, PAP is *not* a good thing to use. CHAP, on the other hand, transmits a challenge request to a client, which is based on the client's authentication information, and the client then responds with a hashed value that the server then checks against an expected result. If the result matches the expected result, the connection is then established. CHAP performs this check at random intervals for the duration of the remote session.

Now, if you happen to be referring to PEAP and not PAP, PEAP is significantly better than CHAP because it uses stronger algorithms and also involves a bit of Public Key cryptography to secure authentication traffic. PEAP utilizes TLS to encrypt authentication traffic. In order to work properly, PEAP requires the connection server to have a PKI certificate installed in order to encrypt traffic. Stronger versions of PEAP can utilize smart cards for authentication with full Public Key Cryptography.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now