Password Authentication Protocol

From Wikipedia, the free encyclopedia

Password Authentication Protocol (PAP) is a password-based authentication protocol used by Point-to-Point Protocol (PPP) to validate users.[1] PAP is specified in RFC 1334.

Almost all network operating systems support PPP with PAP, as do most network access servers. PAP is also used in PPPoE, for authenticating DSL users.

As the Point-to-Point Protocol (PPP) sends data unencrypted and "in the clear", PAP is vulnerable to any attacker who can observe the PPP session. An attacker can see the user's name, password, and any other information associated with the PPP session. Some additional security can be gained on the PPP link by using CHAP or EAP. However, there are always tradeoffs when choosing an authentication method, and there is no single answer for which is more secure.

When PAP is used in PPP, it is considered a weak authentication scheme. Weak schemes are simpler and have lighter computational overhead than more complex schemes, such as Transport Layer Security (TLS), but they are much more vulnerable to attack. Weak schemes are used where the transport layer is expected to be physically secure, such as a home DSL link. Where the transport layer is not physically secure, a system such as TLS or Internet Protocol Security (IPsec) is used instead.

Other uses of PAP

PAP is also used to describe password authentication in other protocols such as RADIUS and Diameter. However, those protocols provide for transport or network layer security, and therefore that usage of PAP does not have the security issues seen when PAP is used with PPP.

Benefits of PAP

When the client sends a clear-text password, the authentication server will receive it, and compare it to a "known good" password. Since the authentication server has received the password in clear-text, the format of the stored password can be chosen to be secure "at rest". If an attacker were to steal the entire database of passwords, it is computationally infeasible to reverse the function to recover a plaintext password.

As a result, while PAP passwords are less secure when sent over a PPP link, they allow for more secure storage "at rest" than with other methods such as CHAP.

Working cycle

PAP authentication is only done at the time of the initial link establishment, and verifies the identity of the client using a two-way handshake.

  1. Client sends username and password. This is sent repeatedly until a response is received from the server.
  2. Server sends authentication-ack (if credentials are OK) or authentication-nak (otherwise).[2]

PAP packets

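| Description | 1 byte | 1 byte | 2 bytes | 1 byte | Variable | 1 byte | Variable |
|---|---|---|---|---|---|---|---|
| Authentication-request | Code = 1 | ID | Length | Username length | Username | Password length | Password |
| Authentication-ack | Code = 2 | ID | Length | Message length | Message | | |
| Authentication-nak | Code = 3 | ID | Length | Message length | Message | | |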

PAP packet embedded in a PPP frame. The protocol field has a value of C023 (hex).

| Flag | Address | Control | Protocol (C023 (hex)) | Payload (table above) | FCS | Flag |
|---|---|---|---|---|---|---|
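
A parser for the packet layout in the tables above, as an added example that is not part of the original article; it shows that the username and password fields decode directly from the captured bytes with no key or secret involved. It assumes the PPP framing has already been stripped, and that Length is big-endian and counts the 4-byte header as in RFC 1334; the function names and sample packets are constructed for illustration.

```python
import struct

CODES = {1: "Authentication-request", 2: "Authentication-ack", 3: "Authentication-nak"}


def _take(buf, offset):
    """Read one length-prefixed field: a 1-byte length, then that many bytes."""
    if offset >= len(buf):
        raise ValueError("missing length byte")
    end = offset + 1 + buf[offset]
    if end > len(buf):
        raise ValueError("field runs past the packet Length")
    return buf[offset + 1:end], end


def parse_pap(payload):
    """Parse one PAP packet (the PPP payload that follows protocol 0xC023)."""
    if len(payload) < 4:
        raise ValueError("shorter than the 4-byte header")
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if code not in CODES:
        raise ValueError(f"unknown PAP code {code}")
    if length < 4 or length > len(payload):
        raise ValueError("Length field inconsistent with captured data")
    body = payload[4:length]  # bytes beyond Length are padding and are ignored
    out = {"type": CODES[code], "id": ident}
    if code == 1:
        user, pos = _take(body, 0)
        password, _ = _take(body, pos)
        # Both fields are plain bytes on the wire; no decryption step exists.
        out["username"] = user.decode("latin-1")
        out["password"] = password.decode("latin-1")
    else:
        message, _ = _take(body, 0)
        out["message"] = message.decode("latin-1")
    return out


def build_request(ident, user, password):
    """Build a constructed Authentication-request for the demonstration."""
    body = bytes([len(user)]) + user + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body


# Constructed sample packets (not taken from any real capture).
SAMPLE_REQUEST = build_request(7, b"alice", b"example-pass")
SAMPLE_ACK = bytes([2, 7, 0, 7, 2]) + b"ok"
```
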

Notes

  1. ^ "Password Authentication Protocol (PAP)". GeeksforGeeks. 2018-07-17. Retrieved 2020-11-08.
  2. ^ Forouzan (2007). Data Commn & Networking 4E Sie. McGraw-Hill Education (India) Pvt Limited. pp. 352–. ISBN 978-0-07-063414-5. Retrieved 24 November 2012.
