PAP, CHAP, and MS-CHAP - CompTIA Security+ SY0-501 - 4.2
Point-to-Point Protocol (PPP)
This section discusses the Point-to-Point Protocol (PPP) and its derivatives, including PPTP and PPPoE. It also covers authentication methods such as PAP, CHAP, and MS-CHAP.
PPP and Its Derivatives
- PPP is used for authentication on analog dial-up, ISDN, and other types of point-to-point networks.
- PPTP is a derivative of PPP commonly used in Windows operating systems.
- PPPoE is another derivative of PPP commonly used to authenticate over a DSL network.
Authentication Methods
Password Authentication Protocol (PAP)
- PAP is one of the most basic authentication methods.
- It communicates in clear text without encryption or additional security measures.
- It was commonly used on old or legacy systems but is now rarely used by itself.
Challenge Handshake Authentication Protocol (CHAP)
- CHAP was created to provide additional security to the authentication process.
- It uses an encrypted challenge to send credentials across the network.
- It uses a three-way handshake to authenticate users.
Microsoft CHAP (MS-CHAP)
- MS-CHAP is a customized version of CHAP developed by Microsoft.
- The most recent version is referred to as MS-CHAP v2.
- Unfortunately, both versions suffer from vulnerabilities due to their use of DES encryption.
Alternatives
Many people have migrated away from MS-CHAP because of its vulnerabilities. Instead, they use L2TP, IPsec, or some other type of secure VPN communication.