PAP & CHAP (RFC 1334, 1992, RFC 1994, 1996)
Last updated
Last updated
Protocols used in PPP (Point-to-Point Protocol).
Unidirectional authentication, where the authenticator is not authenticated.
PPP was developed in 1992, mostly used for dial-up connections.
PPP protocols are used by PPTP VPNs.
e.g. vpn.ua.pt
PAP (PPP Authentication Protocol).
Simple UID/password presentation.
Insecure cleartext password transmission.
CHAP (CHallenge-response Authentication Protocol).
Aut → U: authID, challenge
U → Aut: authID, MD5( authID, pwd, challenge ), identity
Aut → U: authID, OK/not OK
The authenticator may require a reauthentication anytime