PAP & CHAP (RFC 1334, 1992, RFC 1994, 1996)

Protocols used in PPP (Point-to-Point Protocol).

• Unidirectional authentication, where the authenticator is not authenticated.

PPP was developed in 1992, mostly used for dial-up connections.

PPP protocols are used by PPTP VPNs.

• e.g. vpn.ua.pt

PAP (PPP Authentication Protocol).

• Simple UID/password presentation.

• Insecure cleartext password transmission.

CHAP (CHallenge-response Authentication Protocol).

• Aut → U: authID, challenge

• U → Aut: authID, MD5( authID, pwd, challenge ), identity

• Aut → U: authID, OK/not OK

• The authenticator may require a reauthentication anytime

MS-CHAP (Microsoft CHAP)