Table of Contents
Advertisement
Peer Authentication using the Password Authentication Protocol
(PAP)
Introduction to PAP
PAP versus CHAP
Replies to PAP requests
Device 1 compares the locally encrypted text file with the text file
3
encrypted by Device 2. If the text files are the same (Password 1 = Pass-
word 2) Device 2 is authenticated. Otherwise, Device 2 is not authenticated
and data communications with Device 2 are not allowed.
Device 1
Random
text file
Peer is
encrypted
authenticated
Device 1
Random
text file
Peer is NOT
encrypted
authenticated
Device 1
The Password Authentication Protocol (PAP) can be used as an alternative to
CHAP to provide link security against unauthorized access. PAP uses simple
password protection against unauthorized access.
CHAP uses password encryption to authenticate peers and the passwords are
never transmitted directly over the PPP link, and therefore cannot be intercepted
and used by unauthorized sources. PAP uses simple password protection where
the password is transmitted directly over the link—PAP is therefore not resilient
to link monitoring.
For the best security, you should use CHAP rather than PAP for link
Note
access protection wherever possible.
PAP can however be used when it is the only authentication protocol supported
by the remote device.
A device (for example the Intel Express 8100 Router) always tries to reply to a
request for authentication from a peer, using the password defined for the User
ID of the peer.
PPP Link
Random
text file
=
encrypted
Device 2
Random
text file
=
encrypted
Device 2
Leased Lines Links
Point-to-Point Protocol (PPP)
Device 2
1337
15
Advertisement
Table of Contents
