Monday, July 23, 2012

CHAP vs PAP

[1] PAP intro on Wiki
[2] CHAP intro on Wiki

[3]

PAP transmits unencrypted ASCII passwords over the network and is therefore considered insecure. It is used as a last resort when the remote server does not support a stronger authentication protocol, like CHAP or EAP (the latter is actually a framework). [1]

CHAP requires that both the client and server know the plaintext of the secret, although the secret itself is never sent over the network. [2]
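The contrast between the two paragraphs above, as an added example that is not part of the original post: the PAP request data carries the password in the clear, while CHAP with MD5 (RFC 1994) sends only a hash over the identifier, the secret and a fresh challenge, which the server can check only by recomputing it from the plaintext secret. The peer name, the secret and the `ChapAuthenticator` class are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample values, not taken from the page.
PEER_ID = b"alice"
SECRET = b"correct horse battery"


def pap_request(peer_id, password):
    """Data of a PAP Authenticate-Request: length-prefixed Peer-ID and Password, in clear."""
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password


def chap_response(identifier, secret, challenge):
    """CHAP with MD5 (RFC 1994): MD5 over Identifier octet || secret || challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side (hypothetical class). Keeps the plaintext secret to recompute the hash."""

    def __init__(self, secret):
        self.secret = secret
        self.identifier = 0
        self.challenge = b""

    def new_challenge(self):
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)  # fresh random value for every attempt
        return self.identifier, self.challenge

    def verify(self, identifier, response):
        if identifier != self.identifier:
            return False
        expected = chap_response(self.identifier, self.secret, self.challenge)
        return hmac.compare_digest(expected, response)


def demo():
    server = ChapAuthenticator(SECRET)
    ident, chal = server.new_challenge()
    resp = chap_response(ident, SECRET, chal)
    accepted = server.verify(ident, resp)
    ident2, _ = server.new_challenge()
    stale = server.verify(ident2, resp)  # earlier response against a new challenge
    return {"pap_exposes_password": SECRET in pap_request(PEER_ID, SECRET),
            "chap_exposes_secret": SECRET in chal + resp,
            "chap_accepts": accepted, "stale_response_accepted": stale}
```

Because `verify` has to recompute the hash from the secret itself, the authenticator cannot keep only a one-way hash of the password, which is the storage cost of CHAP that the last paragraph describes.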