Jump to content
 







Main menu
    


Navigation  


Main page
 Contents
 Current events
 Random article
 About Wikipedia
 Contact us
 Donate
  



Contribute  


Help
 Learn to edit
 Community portal
 Recent changes
 Upload file
  







Search  

































Create account

Log in
 









Create account
  Log in
  



Pages for logged out editors learn more  


Contributions
 Talk
  


















Contents

   



(Top)
  


1 Other uses of PAP  




2 Benefits of PAP  




3 Working cycle  




4 PAP packets  




5 See also  




6 Notes  




7 References  













Password Authentication Protocol






العربية
 Čeština
 Deutsch
 Ελληνικά
 Español
 فارسی
 Français
Hrvatski
 Italiano
 Nederlands
Polski
 Português
 Română
 Русский
 Српски / srpski
 Türkçe
 Українська
 
Edit links
  








Article
 Talk
  
















Read
 Edit
 View history
  







Tools
    


Actions  


Read
 Edit
 View history
  



General  


What links here
 Related changes
 Upload file
 Special pages
 Permanent link
 Page information
 Cite this page
 Get shortened URL
 Download QR code
 Wikidata item
  



Print/export  


Download as PDF
 Printable version
  















Appearance
    

 





From Wikipedia, the free encyclopedia
  

Password Authentication Protocol (PAP) is a password-based authentication protocol used by Point-to-Point Protocol (PPP) to validate users.[1] PAP is specified in RFC 1334.

Almost all network operating systems support PPP with PAP, as do most network access servers. PAP is also used in PPPoE, for authenticating DSL users.

As the Point-to-Point Protocol (PPP) sends data unencrypted and "in the clear", PAP is vulnerable to any attacker who can observe the PPP session. An attacker can see the users name, password, and any other information associated with the PPP session. Some additional security can be gained on the PPP link by using CHAPorEAP. However, there are always tradeoffs when choosing an authentication method, and there is no single answer for which is more secure.

When PAP is used in PPP, it is considered a weak authentication scheme. Weak schemes are simpler and have lighter computational overhead than more complex schemes such as Transport Layer Security (TLS), but they are much more vulnerable to attack. While weak schemes are used where the transport layer is expected to be physically secure, such as a home DSL link. Where the transport layer is not physically secure a system such as Transport Layer Security (TLS)orInternet Protocol Security (IPsec) is used instead.

Other uses of PAP[edit]

PAP is also used to describe password authentication in other protocols such as RADIUS and Diameter. However, those protocols provide for transport or network layer security, and therefore that usage of PAP does not have the security issues seen when PAP is used with PPP.

Benefits of PAP[edit]

When the client sends a clear-text password, the authentication server will receive it, and compare it to a "known good" password. Since the authentication server has received the password in clear-text, the format of the stored password can be chosen to be secure "at rest". If an attacker were to steal the entire database of passwords, it is computationally infeasible to reverse the function to recover a plaintext password.

As a result, while PAP passwords are less secure when sent over a PPP link, they allow for more secure storage "at rest" than with other methods such as CHAP.

Working cycle[edit]

PAP authentication is only done at the time of the initial link establishment, and verifies the identity of the client using a two-way handshake.

  1. Client sends username and password. This is sent repeatedly until a response is received from the server.
  2. Server sends authentication-ack (if credentials are OK) or authentication-nak (otherwise)[2]

PAP packets[edit]

Description

1 byte 1 byte 2 bytes 1 byte Variable 1 byte Variable
Authentication-request Code = 1 ID Length Username length Username Password length Password
Authentication-ack Code = 2 ID Length Message length Message
Authentication-nak Code = 3 ID Length Message length Message

PAP packet embedded in a PPP frame. The protocol field has a value of C023 (hex).

Flag Address Control Protocol (C023 (hex)) Payload (table above) FCS Flag

See also[edit]

Notes[edit]

  1. ^ "Password Authentication Protocol (PAP)". GeeksforGeeks. 2018-07-17. Retrieved 2020-11-08.
  • ^ Forouzan (2007). Data Commn & Networking 4E Sie. McGraw-Hill Education (India) Pvt Limited. pp. 352–. ISBN 978-0-07-063414-5. Retrieved 24 November 2012.

    • References[edit]


    Stub icon

    This computer networking article is a stub. You can help Wikipedia by expanding it.

  • t
  • e

    • Retrieved from "https://en.wikipedia.org/w/index.php?title=Password_Authentication_Protocol&oldid=1120211813"
    Categories: 
    Password authentication
     Internet protocols
     Authentication protocols
     Computer network stubs
     Hidden category: 
    All stub articles
      


    This page was last edited on 5 November 2022, at 19:35 (UTC).
    Text is available under the Creative Commons Attribution-ShareAlike License 4.0; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization.


    Privacy policy
    About Wikipedia
    Disclaimers
    Contact Wikipedia
    Code of Conduct
    Developers
    Statistics
    Cookie statement
    Mobile view


    Wikimedia Foundation
    Powered by MediaWiki