Password Authentication

 

Password Authentication Protocol is often used by point to point networks to allow users to access information using a password. ​Most network operating servers support Password Authentication Protocol. PAP is considered insecure since it transmits ASCII across the network.



PAP is used as the last option if the servers do not support a stronger authentication code such as EAP or CHAP. A protocol whereby two parties share a password and use the password for the purpose of authentication is referred to as password based authentication.



There are two types of password authentication schemes, strong password authentication and weak password authentication. Weak password authentication schemes have a lighter computation overhead, implementation is much easier and the design is simpler than strong authentication scheme making it more suitable for a strained environment.



Password Authentication Protocol provides security by encrypting the users password with a MD5 # algorithm of a unique value that both the server and the client can construct. PAP is a simpler authentication protocol in which the user’s password and name are unencrypted and sent to the remote server.



Currently using PAP is not recommendable since your passwords are readable from the PPP packets exchanged at the approval stage. Actually PAP is only used when connecting to older remote servers like UNIX since they do not support any protocol system. Always remember that if PAP was used to initiate the connection then you cannot use Microsoft Point to Point Encryption.



Authentication protocols are meant to be used by routers and hosts who connect to a Point to Point Protocol network server through dial up lines or switched circuits. PAP provides a better method for the peer to form an identity using a two way handshake. This is only done after Initial Link Establishment. When a Link Establishment Phase is consumated a password pair is sent by the peer several times to the authenticator until the connection is terminated or the authentication is approved.



PAP is not a strong authentication procedure since there is no protection from error attacks or from playback. The peer is in control of the timing of attempts and in control of the frequency. Implementations which will provide a stronger authentication such as CHAP would be better that PAP. Point to Point Protocol provides a central method of encapsulating Network Layer Protocol over point to point links.

​

PPP also introduces a link control protocol which enables bidding of an Authentication Protocol before allowing Network Layers Protocols to communicate over the link. You should also know that it is possible to limit the visibility of the plain text password over the PPP link. You can do this by avoiding sending the authentication password over the network.

​

You can also take a look at the Configuration Option Format so that you can familiarize yourself with various types of Password Authentication Configuration Option Format.

 

Here is a break down of the format

Type 3
Length 4
Authentication Protocol c023(hex) Authentication Password Protocol.
There is data field available. If a certain connection has been configured in such a way that it will require an authentiaction password, trying to connect to a server that is only configured for PAP will cause Windows XP to disconnect your system from the network.

​