CHAP-PAP-MSCHAP
PAP:-
+used in PPP
+uses two-way handshake
In PAP the passwords are sent across the link in clear text, and there is no protection from playback or trial-and-error attacks.
CHAP:-
+used in PPP
+In CHAP the user credentials are hashed and sent.
+With CHAP, the authenticator (i.e. the server) sends a randomly generated "challenge" string to the client, along with its hostname. The client uses the hostname to look up the appropriate secret, combines it with the challenge, and hashes the resulting string using a one-way hashing function. The result is returned to the server along with the client's hostname. The server now performs the same computation, and acknowledges the client if it arrives at the same result.
PC <----- "challenge" + hostname ----- server
PC ------ hash = one-way hash(secret + challenge) -----> server
R1-------------challenge----->R2
R1<--------------response-----R2
R1-->access accept/reject-->R2
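The CHAP exchange described above, as an added example (not code from the original post). It assumes the RFC 1994 MD5 construction, MD5(Identifier || secret || challenge); the hostnames, the secret, the single shared lookup table and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: hostname -> shared secret, as each peer would store it.
SECRETS = {"pc1": b"correct horse battery", "server1": b"correct horse battery"}


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side: issues a fresh random challenge per attempt, verifies it once."""
    def __init__(self, hostname: str):
        self.hostname = hostname
        self.pending = {}  # identifier -> challenge still awaiting a response
        self.next_id = 0

    def challenge(self):
        ident = self.next_id
        self.next_id = (self.next_id + 1) % 256
        self.pending[ident] = os.urandom(16)
        return ident, self.pending[ident], self.hostname

    def verify(self, ident: int, response: bytes, client_name: str) -> bool:
        challenge = self.pending.pop(ident, None)  # one-shot: a challenge is never reused
        secret = SECRETS.get(client_name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response)


def client_reply(ident: int, challenge: bytes, server_name: str, my_name: str):
    """Client side: look up the secret by the server's hostname, return hash + own name."""
    return chap_response(ident, SECRETS[server_name], challenge), my_name


def demo():
    server = Authenticator("server1")
    ident, chal, name = server.challenge()
    resp, who = client_reply(ident, chal, name, "pc1")
    accepted = server.verify(ident, resp, who)
    # A response recorded earlier does not match the next, fresh challenge.
    ident2, _chal2, _ = server.challenge()
    replayed = server.verify(ident2, resp, who)
    return accepted, replayed
```

`demo()` returns `(True, False)`: the genuine response is accepted, and the same bytes presented against a later challenge are rejected, which is the playback protection PAP lacks.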
EAP-MD5:-
+All EAP methods are used for port-based authentication; EAP-MD5 cannot be used for Wi-Fi.
++Both the challenge and the response go unencrypted, in plain text.
+It is also secure; it hashes the user's password.
+The server sends the client a random challenge value, and the client proves its identity by hashing the challenge and its password with MD5.
+Cannot be used in public networks like wireless or guest: because EAP-MD5-Challenge does not provide server authentication, it is vulnerable to spoofing.
MSCHAPv1 and MSCHAPv2:-
Basically, MS-CHAP v2 is more secure: it provides mutual authentication, stronger initial data encryption keys, and different encryption keys for sending and receiving.
In MS-CHAP v1, only the server requires authentication from the client, whereas in MS-CHAP v2 the client requires authentication from the server and vice versa.
PC---------ACS
++The client has to validate the RADIUS server's certificate.
Along with that, the client enters user credentials, which are sent as a hash to the RADIUS server.
PEAP:-
If we use PEAP with MS-CHAPv2, there will be a TLS/SSL tunnel to protect this authentication traffic.