Home
Topics
Network Security
Network Security Best Practices and Products
Which is most secure - CHAP or PAP?

Ask the Expert

Which is most secure - CHAP or PAP?

Retired Expert - Mark Tuomenoksa

Which is most secure - CHAP or PAP?

If it's not so clear-cut, what are the trade offs?

Requires Free Membership to View

Login

By submitting you agree to receive email communications from
TechTarget and its partners. Privacy Policy Terms of Use.

Password authentication protocol (PAP) and challenge handshake authentication protocol (CHAP) are both used to authenticate PPP sessions and can be used with many VPNs. Basically, PAP works like a standard login procedure; the remote system authenticates itself to the using a static user name and password combination. The password can be encrypted for additional security, but PAP is subject to numerous attacks. In particular, since the information is static, it is subject to password guessing as well as snooping.

CHAP takes a more sophisticated and secure approach to authentication by creating a unique challege phrase (a randomly generated string) for each authentication. The challenge phrase is combined with device host names using oneway hashing functions to authenticate in way where no static secret information is ever transmitted over the wire. Because all transmitted information is dymanic, CHAP is significantly more robust than PAP.

Another advantage of CHAP over PAP is that CHAP can be set up to do repeated midsession authentications. This is useful for dial-up PPP sessions and other sessions where a port may be left open even though the remote device has disconnected. In this case, its possible for someone else to pick up the connection mid-session simply by establish physical connectivity.

So, definitely go with CHAP if you have choice.
Best,
Mark

More News and Tutorials

Articles

Related glossary terms

Terms for Whatis.com - the technology online dictionary

This was first published in January 2003

Join the conversationComment

Share

Comments

Results

Contribute to the conversation

All fields are required. Comments will appear at the bottom of the article.

Back to top

More from Related TechTarget Sites

Enterprise WAN
Unified Communications
Mobile Computing
Data Center
Networking Channel

Enterprise WAN
- Mobile optimization: What to do about mobile data slowing your WAN
  
  Mobile data continues to burden network bandwidth, making applications slow. This tip explains how mobile optimization can fix your slow WAN.
- WAN security vendor: To go network hardware provider or third-party?
  
  Network hardware providers and third-party vendors have very different WAN security offerings. How do you choose?
- WAN optimization, management and security: Putting the pieces together
  
  By searching for solutions that put WAN optimization, management and security together, enterprise IT can reduce company bottom lines and complexity.
Unified Communications
- What's the difference between bits and bytes specific to telephony?
  
  The differences between bits and bytes specific to telephony equipment is explained by UC strategies expert Matt Brunk in this expert response.
- Startup Pexip introduces software-based video conferencing bridge
  
  Pexip Infinity is a subscription-based, virtualized video conferencing bridge from the founders of Tandberg.
- The truth about mobile UC&C uptake
  
  As much as vendors tout their mobile UC&C clients, adoption is still very low. Find out why and what could make true solutions meaningful.
Mobile Computing
- Bringing BYOD to your enterprise
  
  Bring your own device (BYOD) can be a boon for both employees and enterprises, but clear policies and management tools are needed.
- Meeting technical requirements for mobile health care deployments
  
  IT departments deploying mobile health care solutions must ensure that using mobile devices in health care settings doesn't violate federal laws or compromise security.
- Making the call: Distributed antenna systems and in-building wireless
  
  Distributed antenna systems and in-building wireless solutions are two options to improve wireless cellular coverage within an enterprise facility.
Data Center
- Red Hat Open Hybrid Cloud aids private, public cloud management
  
  Hardware, virtualization, public and private cloud are all converging and need to be managed as one environment. Enter Red Hat's Open Hybrid Cloud.
- Mainframe modernization takes on urgency
  
  A Red Hat Summit talk on database and mainframe modernization highlights urgency, need for agility in enterprise development teams.
- AMD microprocessors regroup to fight another day
  
  Intel may win the server war, but AMD microprocessors could find more acceptance in another niche market.
Networking Channel
- Aruba Networks Partner Program Checklist
  
  Value-added resellers and service providers interested in reselling Aruba networking hardware and software can learn the benefits of becoming an Aruba Networks partner with this standardized checklist. Compare Aruba's reseller partner program with other vendors' offering similar products.
- NetScout Systems Partner Program Checklist
  
  Learn the benefits of becoming a NetScout Systems reseller partner with our Partner Program Checklist.
- Visage Mobile Partner Program Checklist
  
  Learn the benefits of becoming a Visage Mobile reseller partner with our Partner Program Checklist.

All Rights Reserved,Copyright 2000 - 2013, TechTarget