PAP vs CHAP

Status
Not open for further replies.

rookie1010

Fully Optimized
Messages
2,069
Hello

I came across this article on the net.

If configuring GPRS on a mobile, you may be prompted to specify an authentication type. This defines whether your GPRS logon password is protected when it's sent over-the-air, protecting your login credentials. Options are "Normal" (sending password as plain text, referred to as 'PAP authentication'), or "Secure" (sent using challenge-response, referred to as 'CHAP authentication'). This isn't about protecting your data, or having a secure connection - just about protecting your GPRS logon password. Most operators in the UK support both, but as GPRS logon passwords are often generic, "Normal" should be fine for most users.

why would anyone want to use PAP when the password is visible to anyone.

when they say that GPRS passwords are generic they mean that users dont bother to change them, correct?
 

mikesgroovin

HONK if you route packets
Messages
4,718
Location
MD
Simply put, PAP is just an older protocol. Chances are, when broadband didn't exsist and you would use a DUN connection to Earthlink, AOL or to your favorite BBS, you would be using PAP.
The difference in time that it takes to authenticate the same user with each method is about the same. Typically, if you were using PAP over a modem, if you had a toggle between a RS232 connection and a modem....you would be able to view the password.

Yes, in a way you are correct, but most cell phones connect using a number unique to that phone too. And if you are using GPRS from a phone that doesn't have that sort of paid subscription, it won't be able to connect. So why bother? The general public wouldn't even begin to understand how to "data listen" on a cellular line anyway.
 

rookie1010

Fully Optimized
Messages
2,069
thanks for the reply

i guess that since the transmitted data is encrypted anyway, hence using CHAP would be two levels of encryption and PAP is just one level of encryption(the inherrent encryption of the system).

as long as the cell system turns it on, if not, then some one with a "wireless sniffer" could detect ones password, correct?
 

ibarrere

Baseband Member
Messages
24
CHAP doesn't actually actively encrypt though, it just provides for authentication. It was invented to provide for authentication in PPP links but doesn't implement any encryption. If the data is not encrypted with anything then yes, someone could potentially get your password (that won't happen though) :)
 
Status
Not open for further replies.
Top Bottom