Solved

why is PAP more secure than CHAP?

Posted on 2010-09-14
1
626 Views
Last Modified: 2012-05-10
What are the features that make PAP security better than CHAP security?
0
Comment
Question by:matthewharris38
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 41

Accepted Solution

by:
Adam Brown earned 125 total points
ID: 33674276
Actually, PAP is much *less* security than CHAP, because PAP actually sends authentication information unencrypted over the network (Please read the wiki on PAP: http://en.wikipedia.org/wiki/Password_authentication_protocol). Unless clients are using Windows 95 or some other really old client OS to connect remotely, PAP is *not* a good thing to use. CHAP, on the other hand, transmits a challenge request to a client, which is based on the client's authentication information, and the client then responds with a hashed value that the server then checks against an expected result. If the result matches the expected result, the connection is then established. CHAP performs this check at random intervals for the duration of the remote session.

Now, if you happen to be referring to PEAP and not PAP, PEAP is significantly better than CHAP because it uses stronger algorithms and also involves a bit of Public Key cryptography to secure authentication traffic. PEAP utilizes TLS to encrypt authentication traffic. In order to work properly, PEAP requires the connection server to have a PKI certificate installed in order to encrypt traffic. Stronger versions of PEAP can utilize smart cards for authentication with full Public Key Cryptography.
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Make the most of your online learning experience.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses
Course of the Month9 days, 5 hours left to enroll

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question