PAP vs CHAP

Status
Not open for further replies.
R

rookie1010

Fully Optimized
Messages
2,069
Hello

I came across this article on the net.

If configuring GPRS on a mobile, you may be prompted to specify an authentication type. This defines whether your GPRS logon password is protected when it's sent over-the-air, protecting your login credentials. Options are "Normal" (sending password as plain text, referred to as 'PAP authentication'), or "Secure" (sent using challenge-response, referred to as 'CHAP authentication'). This isn't about protecting your data, or having a secure connection - just about protecting your GPRS logon password. Most operators in the UK support both, but as GPRS logon passwords are often generic, "Normal" should be fine for most users.
Click to expand...

why would anyone want to use PAP when the password is visible to anyone.

when they say that GPRS passwords are generic they mean that users dont bother to change them, correct?
 
Simply put, PAP is just an older protocol. Chances are, when broadband didn't exsist and you would use a DUN connection to Earthlink, AOL or to your favorite BBS, you would be using PAP.
The difference in time that it takes to authenticate the same user with each method is about the same. Typically, if you were using PAP over a modem, if you had a toggle between a RS232 connection and a modem....you would be able to view the password.

Yes, in a way you are correct, but most cell phones connect using a number unique to that phone too. And if you are using GPRS from a phone that doesn't have that sort of paid subscription, it won't be able to connect. So why bother? The general public wouldn't even begin to understand how to "data listen" on a cellular line anyway.
 
thanks for the reply

i guess that since the transmitted data is encrypted anyway, hence using CHAP would be two levels of encryption and PAP is just one level of encryption(the inherrent encryption of the system).

as long as the cell system turns it on, if not, then some one with a "wireless sniffer" could detect ones password, correct?
 
CHAP doesn't actually actively encrypt though, it just provides for authentication. It was invented to provide for authentication in PPP links but doesn't implement any encryption. If the data is not encrypted with anything then yes, someone could potentially get your password (that won't happen though) :)
 
Status
Not open for further replies.

Similar threads

Captain Xarzu
How do I ensure I properly get text alerts on my Android phone?
Replies
2
Views
863
Joe C
Joe C
CloudniumSupport
Deciding on the right hosting provider:
Replies
1
Views
565
brownelsa1318
B
Andrewx
Why Blogging Seems Harder in 2023
Replies
1
Views
798
fusionha
F
O
hello & mostly clueless & would appreciate mac security help after trojan attack!
Replies
0
Views
926
once2023
O
S
Would it benefit me joining Discord chat groups?
Replies
0
Views
881
Scissorman
S
Back
Top Bottom