Identification, Authentication and Authorization

Applied Cryptography Robust Software Quantum Safety Machine Learning Applied to Security Analysis and Exploration of Vulnerabilities Computer Systems Forensic Analysis Reverse Engineering Identification, Authentication and Authorization Secure Execution Environments Direito da Organização e da Segurança

Identification, Authentication and Authorization
Access Control Models
OAuth 2.0 Authorization Framework
Linux Security Mechanisms
Authentication Protocols
PAM (Pluggable Authentication Modules)
FIDO and FIDO2 framework
Authentication with Trusted Third Parties / KDCs
Identity Management
Anonymity and Privacy

Powered by GitBook

On this page

PAP & CHAP (RFC 1334, 1992, RFC 1994, 1996)

PreviousToken-based OTP generators NextS/Key (RFC 2289, 1998)

Last updated 6 months ago

Protocols used in PPP (Point-to-Point Protocol).

Unidirectional authentication, where the authenticator is not authenticated.

PPP was developed in 1992, mostly used for dial-up connections.

PPP protocols are used by PPTP VPNs.

e.g. vpn.ua.pt

PAP (PPP Authentication Protocol).

Simple UID/password presentation.
Insecure cleartext password transmission.

CHAP (CHallenge-response Authentication Protocol).

Aut → U: authID, challenge
U → Aut: authID, MD5( authID, pwd, challenge ), identity
Aut → U: authID, OK/not OK
The authenticator may require a reauthentication anytime

MS-CHAP (Microsoft CHAP)