PAP vs CHAP - Techist - Tech Forum

Go Back   Techist - Tech Forum > Internet > Computer Networking and Internet Hardware
Click Here to Login
Closed Thread
 
Thread Tools Display Modes
 
Old 07-04-2006, 10:10 AM   #1 (permalink)
Master Techie
 
Join Date: Mar 2004
Posts: 2,069
Default PAP vs CHAP

Hello

I came across this article on the net.

Quote:
If configuring GPRS on a mobile, you may be prompted to specify an authentication type. This defines whether your GPRS logon password is protected when it's sent over-the-air, protecting your login credentials. Options are "Normal" (sending password as plain text, referred to as 'PAP authentication'), or "Secure" (sent using challenge-response, referred to as 'CHAP authentication'). This isn't about protecting your data, or having a secure connection - just about protecting your GPRS logon password. Most operators in the UK support both, but as GPRS logon passwords are often generic, "Normal" should be fine for most users.
why would anyone want to use PAP when the password is visible to anyone.

when they say that GPRS passwords are generic they mean that users dont bother to change them, correct?
__________________

rookie1010 is offline  
Old 07-05-2006, 09:22 PM   #2 (permalink)
HONK if you route packets
 
mikesgroovin's Avatar
 
Join Date: Sep 2003
Location: MD
Posts: 4,715
Default

Simply put, PAP is just an older protocol. Chances are, when broadband didn't exsist and you would use a DUN connection to Earthlink, AOL or to your favorite BBS, you would be using PAP.
The difference in time that it takes to authenticate the same user with each method is about the same. Typically, if you were using PAP over a modem, if you had a toggle between a RS232 connection and a modem....you would be able to view the password.

Yes, in a way you are correct, but most cell phones connect using a number unique to that phone too. And if you are using GPRS from a phone that doesn't have that sort of paid subscription, it won't be able to connect. So why bother? The general public wouldn't even begin to understand how to "data listen" on a cellular line anyway.
__________________

mikesgroovin is offline  
Old 07-08-2006, 07:15 AM   #3 (permalink)
Master Techie
 
Join Date: Mar 2004
Posts: 2,069
Default

thanks for the reply

i guess that since the transmitted data is encrypted anyway, hence using CHAP would be two levels of encryption and PAP is just one level of encryption(the inherrent encryption of the system).

as long as the cell system turns it on, if not, then some one with a "wireless sniffer" could detect ones password, correct?
rookie1010 is offline  
Old 07-10-2006, 12:46 AM   #4 (permalink)
Newb Techie
 
Join Date: Jul 2006
Posts: 24
Default

CHAP doesn't actually actively encrypt though, it just provides for authentication. It was invented to provide for authentication in PPP links but doesn't implement any encryption. If the data is not encrypted with anything then yes, someone could potentially get your password (that won't happen though)
ibarrere is offline  
Old 07-11-2006, 05:48 PM   #5 (permalink)
Master Techie
 
Join Date: Mar 2004
Posts: 2,069
Default

thanks for the reply

does not CHAP hash or encrupt the password?
rookie1010 is offline  
Old 07-11-2006, 09:12 PM   #6 (permalink)
Newb Techie
 
Join Date: Jul 2006
Posts: 24
Default

it hashs the password... but the data itself is not encrypted.
__________________

ibarrere is offline  
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 05:11 PM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.