MCSE : Security Specialist
Authentication
Microsoft dial-up networking clients typically use MS-CHAP
authentication. Non-Microsoft dial-up networking clients use CHAP,
SPAP, and PAP authentication.
CHAP: Challenge Handshake Authentication Protocol is a
challenge-response authentication protocol that uses the
industry-standard Message Digest 5 (MD5) hashing scheme to encrypt
the response. CHAP is used by various vendors of network access
servers and clients.
MS-CHAP: Microsoft Challenge Handshake Authentication Protocol.
MS-CHAP is a nonreversible, encrypted password authentication
protocol. The challenge handshake process works as follows:
- The remote access server or the IAS server sends a challenge to
  the remote access client that consists of a session identifier
  and an arbitrary challenge string.
- The remote access client sends a response that contains the user
  name and a nonreversible encryption of the challenge string, the
  session identifier, and the password.
- The authenticator checks the response and, if valid, the user's
  credentials are authenticated.
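The three-step handshake above, sketched as an added example that is not part of the original page. It uses the standard CHAP computation from RFC 1994 (MD5 over the identifier, the secret, and the challenge), not MS-CHAP's own algorithm; the function names, the `SECRETS` store, and the sample credential are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample credential store (user name -> shared secret).
SECRETS = {"alice": b"correct horse battery"}


def make_challenge(identifier):
    """Step 1 (authenticator): session identifier plus an unpredictable challenge."""
    return identifier & 0xFF, os.urandom(16)


def chap_response(identifier, secret, challenge):
    """RFC 1994 CHAP value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def client_reply(user, password, identifier, challenge):
    """Step 2 (client): user name plus the one-way value; the password is never sent."""
    return user, chap_response(identifier, password, challenge)


def verify(user, response, identifier, challenge):
    """Step 3 (authenticator): recompute from the stored secret and compare."""
    secret = SECRETS.get(user)
    if secret is None:
        return False
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)  # constant-time comparison


def demo():
    ident, chal = make_challenge(1)
    user, resp = client_reply("alice", b"correct horse battery", ident, chal)
    ident2, chal2 = make_challenge(2)  # a later session: new identifier and challenge
    return {
        "valid": verify(user, resp, ident, chal),
        "wrong_password": verify(*client_reply("alice", b"guess", ident, chal), ident, chal),
        "stale_response": verify(user, resp, ident2, chal2),
        "unknown_user": verify("mallory", resp, ident, chal),
    }


if __name__ == "__main__":
    print(demo())
```

The `stale_response` case shows why the challenge must be unpredictable and fresh per session: a response captured earlier does not verify against a new challenge. The authenticator has to hold the secret itself to recompute the value, so the credential store needs the same protection as the passwords.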
PAP: Password Authentication Protocol uses plaintext passwords
and is the least sophisticated authentication protocol. It is
typically negotiated if the remote access client and remote access
server cannot negotiate a more secure form of validation.
SPAP: Shiva Password Authentication Protocol is a reversible
encryption mechanism employed by Shiva. This form of authentication
is more secure than plaintext but less secure than CHAP or MS-CHAP.