CHAP / PAP

Is my matching below correct or not?

CHAP
  Generates a unique authentication string for each transaction
  Supports mid-session re-authentication

PAP
  Requires a username and password only
  Provides minimal security
Asked by: AXISHK
 
Gaurav Singh (Solution Architect) commented:
Yes, that's correct. PAP is less secure; it is not encrypted. You can configure PAP with encryption as we...
 
btan (Exec Consultant) commented:
Agree with expert too.
PAP works basically the same way as the normal login procedure. The client authenticates itself by sending a user name and an (optionally encrypted) password to the server, which the server compares to its secrets database. This technique is vulnerable to eavesdroppers who may try to obtain the password by listening in on the serial line, and to repeated trial and error attacks.

With CHAP, the authenticator (i.e. the server) sends a randomly generated "challenge" string to the client, along with its hostname. The client uses the hostname to look up the appropriate secret, combines it with the challenge, and encrypts the string using a one-way hashing function. The result is returned to the server along with the client's hostname. The server now performs the same computation, and acknowledges the client if it arrives at the same result.

Another feature of CHAP is that it doesn't only require the client to authenticate itself at startup time, but sends challenges at regular intervals to make sure the client hasn't been replaced by an intruder, for instance by just switching phone lines.
Question has a verified solution.
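
The challenge/response exchange and periodic re-authentication described in the answer above, as an added example that is not part of the original thread. It uses the MD5 construction from RFC 1994 (identifier, secret, challenge); the class name, peer name and secret are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side (hypothetical class): issues challenges, checks responses."""

    def __init__(self, secrets: dict):
        self.secrets = secrets      # peer name -> shared secret
        self.identifier = 0
        self.challenge = None

    def new_challenge(self) -> tuple:
        # A fresh random challenge for every (re-)authentication round.
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)
        return self.identifier, self.challenge

    def verify(self, name: str, identifier: int, response: bytes) -> bool:
        challenge, self.challenge = self.challenge, None   # single use
        secret = self.secrets.get(name)
        if challenge is None or secret is None or identifier != self.identifier:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)     # constant-time compare


def demo() -> dict:
    secret = b"constructed-shared-secret"                  # constructed sample value
    server = Authenticator({"client1": secret})
    ident, chal = server.new_challenge()
    recorded = chap_response(ident, secret, chal)          # what crosses the wire
    results = {"login": server.verify("client1", ident, recorded)}
    ident, chal = server.new_challenge()                   # periodic re-authentication
    results["replay"] = server.verify("client1", ident, recorded)
    ident, chal = server.new_challenge()
    results["reauth"] = server.verify("client1", ident, chap_response(ident, secret, chal))
    ident, chal = server.new_challenge()
    results["wrong_secret"] = server.verify("client1", ident, chap_response(ident, b"guess", chal))
    return results


if __name__ == "__main__":
    print(demo())
```

The secret itself never crosses the link, and a response recorded in one round does not verify against the next challenge, which is the difference from PAP's reusable username and password.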
