The main difference between PAP and CHAP is that PAP is an authentication protocol that allows Point to Point Protocol to validate users while CHAP is an authentication protocol which provides better security than PAP.
Authentication is the process of checking a user’s details to identify him and grant access to the system and resources. PAP and CHAP are two authentication protocols. It is possible for a user to enable either PAP or CHAP or both on a network. In overall, CHAP is more secure than PAP as it involves a three-way exchange of a shared secret while PAP uses a two-way handshake to verify the identity of the client.
Key Areas Covered
Authentication Protocol, CHAP, PAP, Point to Point Protocol (PPP)
What is PAP
PAP stands for Password Authentication Protocol. It is a password-based authentication protocol. Mainly, it is used by Point to Point (PPP) to validate users. Moreover, most network operating system remote servers support this protocol. Generally, PAP is considered as a weak authentication scheme. Therefore, PAP is used only as a last resort when the remote server does not support a stronger scheme such as CHAP or EAP.
Furthermore, PAP authentication is only done during the time of the initial link establishment. Here, it verifies the identity of the client using a two-way handshake. First, the client sends the username and password. It performs this task continuously until receiving a response from the server. Next, the server checks the credentials, and if they are valid, it sends an authentication acknowledgement. If the credentials are false, then it sends a negative authentication.
What is CHAP
CHAP stands for Challenge –Handshake Authentication Protocol. It is capable of authenticating a user or network host to an authenticating entity such as an Internet Service Provider (ISP). Furthermore, CHAP provides protection from replay attacks. It uses an incrementally changing identifier and a variable challenge value to accomplish this task.
Moreover, CHAP requires both client and server to know the plaintext of the secret, but it is not sent over the network. Therefore, CHAP is more secure than PAP. Thus, Pont to Point Protocol (PPP) servers uses CHAP to validate identities of remote clients. Importantly, CHAP uses a three-way handshake continuously to verify the identity of the client. It happens when establishing the initial link. However, it can happen again at any moment.
Difference Between PAP and CHAP
PAP is a password-based authentication protocol used by Point to Point Protocol (PPP) to validate users. In contrast, CHAP is a communication protocol that authenticates a user or network host to an authenticating entity. Thus, this is the main difference between PAP and CHAP.
While PAP stands for Password Authentication Protocol (PAP), CHAP stands for Challenge Handshake Authentication Protocol.
During link establishment, PAP stops working after establishing the authentication; thus, it can lead to attacks on the network. On the other hand, CHAP conducts periodic challenges to make sure that the remote host still has a valid password value. Hence, this is an important difference between PAP and CHAP.
Moreover, CHAP provides better security than PAP.
In brief, PAP and CHAP are two authentication protocols. Some remote devices only support CHAP, while others only support PAP. However, it is a good practice to use both on devices such as Cisco routers for maximum data security. The main difference between PAP and CHAP is that PAP is an authentication protocol that allows Point to Point Protocol to validate users, while CHAP is an authentication protocol which provides better security than PAP.
1.“Password Authentication Protocol.” Wikipedia, Wikimedia Foundation, 25 May 2019, Available here.
2.“Challenge-Handshake Authentication Protocol.” Wikipedia, Wikimedia Foundation, 10 June 2019, Available here.
3.“What Is PPP? : What Is CHAP ? Explanation with Examples.” Orbit, 28 May 2019, Available here.
1.”4221623″ via (CC0) Pixabay