Password Authentication Protocol

Password Authentication Protocol (PAP) is a password-based authentication protocol used by Point-to-Point Protocol (PPP) to validate users. PAP is specified in . Almost all network operating systems support PPP with PAP, as do most network access servers. PAP is also used in PPPoE, for authenticating DSL users.

As the Point-to-Point Protocol (PPP) sends data unencrypted and "in the clear", PAP is vulnerable to any attacker who can observe the PPP session. An attacker can see the user's name, password, and any other information associated with the PPP session. Some additional security can be gained on the PPP link by using CHAP or EAP. However, there are always tradeoffs when choosing an authentication method, and there is no single answer for which is more secure.

When PAP is used in PPP, it is considered a weak authentication scheme. Weak schemes are simpler and have lighter computational overhead than more complex schemes, such as Transport Layer Security (TLS), but they are much more vulnerable to attack. Weak schemes are used where the transport layer is expected to be physically secure, such as a home DSL link. Where the transport layer is not physically secure, a system such as TLS or Internet Protocol Security (IPsec) is used instead.


Other uses of PAP

PAP is also used to describe password authentication in other protocols such as RADIUS and Diameter. However, those protocols provide for transport or network layer security, and therefore that usage of PAP does not have the security issues seen when PAP is used with PPP.


Benefits of PAP

When the client sends a clear-text password, the authentication server will receive it, and compare it to a "known good" password. Since the authentication server has received the password in clear-text, the format of the stored password can be chosen to be secure "at rest". If an attacker were to steal the entire database of passwords, it is computationally infeasible to reverse the function to recover a plaintext password. As a result, while PAP passwords are less secure when sent over a PPP link, they allow for more secure storage "at rest" than with other methods such as CHAP.
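The storage trade-off described above, as an added example that is not code from the original page: a PAP server can verify the received cleartext password against a salted one-way hash, while a CHAP server (MD5 form) must hold the secret itself to compute the expected response. The function names, the choice of PBKDF2 and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # assumed work factor, chosen for this example

def enroll(password: str) -> dict:
    """Build the record a PAP authentication server stores: salt + one-way hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {"salt": salt, "iterations": PBKDF2_ITERATIONS, "hash": digest}

def verify_pap(record: dict, received_password: str) -> bool:
    """PAP delivers the cleartext password, so the server can re-derive the hash."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", received_password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["hash"])

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5: response = MD5(identifier || secret || challenge).

    Both ends need the secret itself to compute this value, so the server
    cannot keep only a one-way hash the way the PAP server above does.
    """
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def verify_chap(stored_secret: bytes, identifier: int, challenge: bytes, response: bytes) -> bool:
    """Server-side CHAP check; stored_secret must be the recoverable secret."""
    return hmac.compare_digest(chap_response(identifier, stored_secret, challenge), response)

if __name__ == "__main__":
    password = "sample-passphrase"          # constructed sample value
    record = enroll(password)
    print("PAP, correct password:", verify_pap(record, password))
    print("PAP, wrong password:  ", verify_pap(record, "guess"))
    challenge = os.urandom(16)
    client = chap_response(1, password.encode(), challenge)
    print("CHAP, server holds secret:", verify_chap(password.encode(), 1, challenge, client))
    print("CHAP, server holds hash:  ", verify_chap(record["hash"], 1, challenge, client))
```
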


Working cycle

PAP authentication is only done at the time of the initial link establishment, and verifies the identity of the client using a two-way handshake.

1. Client sends username and password. This is sent repeatedly until a response is received from the server.
2. Server sends authentication-ack (if credentials are OK) or authentication-nak (otherwise).


PAP packets

PAP packet embedded in a PPP frame. The protocol field has a value of C023 (hex).
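To make the handshake and framing above concrete, here is an added example (not part of the original page) of a parser that flags PAP exchanges in captured PPP frames, so links still authenticating in cleartext can be identified. The field layout (code, identifier, length, then length-prefixed fields) follows the PAP specification rather than this page; the sample frames are constructed, and the parser reports only the password's length, not its value.

```python
import struct

PPP_PROTO_PAP = 0xC023  # protocol field value given on this page
CODES = {1: "Authenticate-Request", 2: "Authenticate-Ack", 3: "Authenticate-Nak"}

def _take(buf: bytes):
    """Split one field with a 1-byte length prefix off the front of buf."""
    if not buf or buf[0] > len(buf) - 1:
        raise ValueError("length-prefixed field overruns packet")
    return buf[1:1 + buf[0]], buf[1 + buf[0]:]

def parse_pap_frame(frame: bytes):
    """Return a dict describing a PAP packet, or None if the frame is not PAP.

    Raises ValueError for a truncated or inconsistent PAP packet.
    """
    if frame[:2] == b"\xff\x03":           # optional HDLC address/control bytes
        frame = frame[2:]
    if len(frame) < 2 or struct.unpack("!H", frame[:2])[0] != PPP_PROTO_PAP:
        return None
    pap = frame[2:]
    if len(pap) < 4:
        raise ValueError("PAP header truncated")
    code, ident, length = struct.unpack("!BBH", pap[:4])
    if length < 4 or length > len(pap):
        raise ValueError("PAP length field inconsistent with frame")
    body = pap[4:length]                   # bytes past Length are padding
    info = {"code": CODES.get(code, f"unknown({code})"), "id": ident}
    if code == 1:                          # client: username + password
        peer_id, rest = _take(body)
        password, _ = _take(rest)
        info["peer_id"] = peer_id.decode("utf-8", "replace")
        # Record that a cleartext password was seen, never the value itself.
        info["cleartext_password_len"] = len(password)
    elif code in (2, 3):                   # server: ack or nak with a message
        message, _ = _take(body) if body else (b"", b"")
        info["message"] = message.decode("utf-8", "replace")
    return info

# Constructed sample frames (not real captures): request from "alice", then ack.
SAMPLE_REQUEST = b"\xc0\x23\x01\x07\x00\x11\x05alice\x06hunter"
SAMPLE_ACK = b"\xff\x03\xc0\x23\x02\x07\x00\x07\x02OK"

if __name__ == "__main__":
    for sample in (SAMPLE_REQUEST, SAMPLE_ACK):
        print(parse_pap_frame(sample))
```
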


See also

* SAP – Service Access Point

