why is PAP more secure than CHAP?

What are the features that make PAP security better than CHAP security?
matthewharris38Asked:
Who is Participating?
 
Adam BrownSr Solutions ArchitectCommented:
Actually, PAP is much *less* security than CHAP, because PAP actually sends authentication information unencrypted over the network (Please read the wiki on PAP: http://en.wikipedia.org/wiki/Password_authentication_protocol). Unless clients are using Windows 95 or some other really old client OS to connect remotely, PAP is *not* a good thing to use. CHAP, on the other hand, transmits a challenge request to a client, which is based on the client's authentication information, and the client then responds with a hashed value that the server then checks against an expected result. If the result matches the expected result, the connection is then established. CHAP performs this check at random intervals for the duration of the remote session.

Now, if you happen to be referring to PEAP and not PAP, PEAP is significantly better than CHAP because it uses stronger algorithms and also involves a bit of Public Key cryptography to secure authentication traffic. PEAP utilizes TLS to encrypt authentication traffic. In order to work properly, PEAP requires the connection server to have a PKI certificate installed in order to encrypt traffic. Stronger versions of PEAP can utilize smart cards for authentication with full Public Key Cryptography.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.