PAP provides simple authentication for a user configured on a remote access server or at an ISP (Internet Service Provider).
PAP (Password Authentication Protocol)
PAP authenticates a user accessing certain resources and is an authentication sub-protocol used when a PPP connection is established.
In addition, this protocol transmits unencrypted ASCII passwords, which makes it an insecure protocol. It is used for the authentication process when the remote access server does not support a stronger authentication protocol.
The Password Authentication Protocol works as a two-way handshake. It transmits the password in plaintext, as older SLIP systems did, and is by no means secure. As a simple use case, it can be used for TTLS authentication.
How Does It Work?
It is a type of cryptographic protocol for computer communication, designed specifically to transfer authentication data between two devices.
The device receiving these packets authenticates the connected device and reports the type of information required. Thus, it allows the connected device to authenticate.
PAP is an old authentication method. The client initiates it by sending a packet with its credentials at the beginning of the connection, and it keeps sending the authentication request until it receives an acknowledgment.
The exchange is extremely insecure because the client transmits the credentials in cleartext in the packet it sends. It is therefore vulnerable to even the simplest attacks, such as eavesdropping or man-in-the-middle attacks between the client and the access server.
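The handshake described above, encoded and decoded with the PAP packet layout from RFC 1334, as an added example that is not part of the original page. The RFC reference, the function names and the sample credentials are assumptions or constructed values; the point is that the password can be read byte for byte from the request.

```python
import struct

# PAP packet codes as defined in RFC 1334 (assumption: the page does not cite the RFC).
CODES = {1: "Authenticate-Request", 2: "Authenticate-Ack", 3: "Authenticate-Nak"}


def build_request(identifier, peer_id, password):
    """Client side: encode an Authenticate-Request. Nothing is hashed or encrypted."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, identifier, 4 + len(data)) + data


def build_reply(code, identifier, message=b""):
    """Server side: encode an Authenticate-Ack (2) or Authenticate-Nak (3)."""
    data = bytes([len(message)]) + message
    return struct.pack("!BBH", code, identifier, 4 + len(data)) + data


def read_lv(buf):
    """Read one length-prefixed field and return (value, remaining bytes)."""
    if not buf or buf[0] > len(buf) - 1:
        raise ValueError("length-prefixed field runs past the packet")
    return buf[1:1 + buf[0]], buf[1 + buf[0]:]


def parse_pap(packet):
    """Decode one PAP packet; raise ValueError on truncated or malformed input."""
    if len(packet) < 4:
        raise ValueError("shorter than the 4-byte PAP header")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if code not in CODES or length < 4 or length > len(packet):
        raise ValueError("bad code or length field")
    data = packet[4:length]  # ignore any padding after the Length field
    out = {"type": CODES[code], "id": identifier}
    if code == 1:
        peer_id, rest = read_lv(data)
        password, _ = read_lv(rest)
        out.update(peer_id=peer_id, password=password)
    else:
        out["message"], _ = read_lv(data)
    return out


# Constructed sample exchange: the two-way handshake is one request and one reply.
REQUEST = build_request(0x01, b"branch-router", b"example-password")
REPLY = build_reply(2, 0x01, b"ok")

if __name__ == "__main__":
    print(REQUEST.hex(" "))
    print(parse_pap(REQUEST), parse_pap(REPLY))
```
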
Thanks to this verification, it acts as the most basic and simple protection layer required for secure communication in computer networks.
PAP is a simple protocol to implement and configure on any computer, regardless of the memory or processor capacity of the hardware it may have.
It is very useful for testing operations and communications when setting up a computer network.
It does not use encryption, so the messages that the client sends to the server are visible to anyone who can tap the physical layer, which makes it insecure.
It is not recommended for corporations or companies with very sensitive data, as it is vulnerable to message replay attacks and passive eavesdropping attacks.