PAP and CHAP is the two main authentication protocols that used in ADSL.
Advantages
and disadvantages of PAP and CHAP
- CHAP has a more secure procedure for connecting to a system than PAP.
Because after sending
the challenge message to user, the user responds with a value that calculates
with the use of a one-way hash function and send sends respond packet. The
RADIUS checks the response against its own calculation of the expected hash value.
CHAP uses encrypted massage that includes user name and password. But PAP uses password in clear text and is a one way step process. That can
be unsecured, half way communication.
Another
feature of CHAP is that it doesn't only require the client to authenticate
itself at startup time, but sends challenges at regular intervals to make sure
the client hasn't been replaced by an intruder, for instance by just switching
phone lines.
CHAP requires that the
secret be available in plain text form. Irreversibly encrypted password
databases commonly available cannot be used. It is not as useful for large
installations, since every possible secret is maintained at both ends of the
link.
- CHAP provide access to the server in every time
It sends challenge massages frequently to the user, Because of that the user is always connected
to RADIUS. Therefore we can prevent the rick of another client replacement to
the server using same line.
Throughout this article I hope you may get some thing.
This provides very basic explanation and future will cover more. Comments are well come. Thank you
