Password authentication protocol
Encyclopedia
A password authentication protocol (PAP) is an authentication protocol
that uses a password
.
PAP is used by Point to Point Protocol to validate users before allowing them access to server resources. Almost all network operating system
remote servers support PAP.
PAP transmits unencrypted ASCII
passwords over the network and is therefore considered insecure. It is used as a last resort when the remote server does not support a stronger authentication protocol, like CHAP
or EAP
(while the last is actually a framework).
Password-based authentication is the protocol that two entities share a password in advance and use the password as the basis of authentication. Existing password authentication schemes can be categorized into two types: weak-password authentication schemes and strong-password authentication schemes. In general, strong-password authentication protocols have the advantages over the weak-password authentication schemes in that their computational overhead are lighter, designs are simpler, and implementation are easier, and therefore are especially suitable for some constrained environments.
PAP packet embedded in a PPP frame. The protocol field has a value of
C023 (hex).
Authentication protocol
An authentication protocol is a type of cryptographic protocol with the purpose of authenticating entities wishing to communicate securely.There are many different authentication protocols such as:* AKA* CAVE-based_authentication...
that uses a password
Password
A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource . The password should be kept secret from those not allowed access....
.
PAP is used by Point to Point Protocol to validate users before allowing them access to server resources. Almost all network operating system
Network operating system
A networking operating system , also referred to as the Dialoguer, is the software that runs on a server and enables the server to manage data, users, groups, security, applications, and other networking functions...
remote servers support PAP.
PAP transmits unencrypted ASCII
ASCII
The American Standard Code for Information Interchange is a character-encoding scheme based on the ordering of the English alphabet. ASCII codes represent text in computers, communications equipment, and other devices that use text...
passwords over the network and is therefore considered insecure. It is used as a last resort when the remote server does not support a stronger authentication protocol, like CHAP
Challenge-handshake authentication protocol
In computing, the Challenge-Handshake Authentication Protocol authenticates a user or network host to an authenticating entity. That entity may be, for example, an Internet service provider. CHAP is specified in RFC 1994....
or EAP
Extensible Authentication Protocol
Extensible Authentication Protocol, or EAP, is an authentication framework frequently used in wireless networks and Point-to-Point connections. It is defined in RFC 3748, which made RFC 2284 obsolete, and was updated by RFC 5247....
(while the last is actually a framework).
Password-based authentication is the protocol that two entities share a password in advance and use the password as the basis of authentication. Existing password authentication schemes can be categorized into two types: weak-password authentication schemes and strong-password authentication schemes. In general, strong-password authentication protocols have the advantages over the weak-password authentication schemes in that their computational overhead are lighter, designs are simpler, and implementation are easier, and therefore are especially suitable for some constrained environments.
Working cycle
- Client sends username and password
- Server sends authentication-ack (if credentials are OK) or authentication-nak (otherwise)
PAP Packets
Description |
1 byte | 1 byte | 2 bytes | 1 byte | Variable | 1 byte | Variable |
|---|---|---|---|---|---|---|---|
| Authentication-request | Code = 1 | ID | Length | Username length | Username | Password length | Password |
| Authentication-ack | Code = 2 | ID | Length | Message length | Message | ||
| Authentication-nak | Code = 3 | ID | Length | Message length | Message |
PAP packet embedded in a PPP frame. The protocol field has a value of
C023 (hex).
| Flag | Address | Control | Protocol (C023 (hex)) | Payload (table above) | FCS | Flag |
|---|
See also
- CHAP - Challenge-Handshake Authentication ProtocolChallenge-handshake authentication protocolIn computing, the Challenge-Handshake Authentication Protocol authenticates a user or network host to an authenticating entity. That entity may be, for example, an Internet service provider. CHAP is specified in RFC 1994....
- EAP - Extensible Authentication ProtocolExtensible Authentication ProtocolExtensible Authentication Protocol, or EAP, is an authentication framework frequently used in wireless networks and Point-to-Point connections. It is defined in RFC 3748, which made RFC 2284 obsolete, and was updated by RFC 5247....
- RFC 1334 – PPP Authentication Protocols
- Password-authenticated key agreementPassword-authenticated key agreementIn cryptography, a password-authenticated key agreement method is an interactive method for two or more parties to establish cryptographic keys based on one or more party's knowledge of a password.-Types:...
protocols - SAP - Service Access PointService Access PointA Service Access Point is an identifying label for network endpoints used in Open Systems Interconnection networking.When using the OSI Network Layer , the base for constructing an address for a network element is an NSAP address, similar in concept to an IP address...