106 XSR User’s Guide
PPP Features Chapter 6
Configuring PPP
PAP is most appropriate where a plaintext password must be available to
simulate a login at a remote host. In such a use, PAP provides a similar level
of security to the usual user login at the remote host.
Challenge Handshake Authentication Protocol (CHAP)
The Challenge Handshake Authentication Protocol (CHAP), as referenced in
RFC-1994, periodically verifies the identity of the peer using a 3-way
handshake. This occurs upon initial link establishment, and may be repeated
anytime after the link has been established.
After the link establishment phase is complete, the authenticator sends a
“challenge” message to the peer. The peer responds with a value calculated
using a “one-way hash” function.
The authenticator checks the response against its own calculation of the
expected hash value. If the values match, the connection is accepted;
otherwise the connection is terminated. CHAP uses MD5 as its hashing
algorithm.
CHAP protects against playback attack with an incrementally changing
identifier and a variable challenge value. The use of repeated challenges is
intended to limit the time of exposure to any single attack. The authenticator
controls the frequency and timing of the challenges.
CHAP depends upon a secret known only to the authenticator and that peer.
The secret is not sent over the link. CHAP is most likely used where the same
secret is easily accessed from both ends of the link.
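As an added illustration that is not part of the guide, the following Python shows the CHAP exchange described above: the peer's MD5 response over the Identifier, the shared secret and the Challenge Value, the authenticator's recomputation and comparison, and why a response replayed against a later challenge (new Identifier, new Challenge Value) is rejected. The secret and the helper names are constructed for this example.

```python
import hashlib
import os
from hmac import compare_digest


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: Response = MD5(Identifier || Secret || Challenge Value)."""
    if not 0 <= identifier <= 255:
        raise ValueError("CHAP Identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def new_challenge(previous_identifier: int, length: int = 16):
    """Authenticator side: step the Identifier (one octet, wraps) and draw a
    fresh unpredictable Challenge Value for each challenge it sends."""
    return (previous_identifier + 1) & 0xFF, os.urandom(length)


def verify_response(identifier: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Authenticator recomputes the expected hash from its own copy of the
    secret and compares in constant time; the secret itself never crosses the link."""
    expected = chap_response(identifier, secret, challenge)
    return compare_digest(expected, response)


def demo_replay() -> dict:
    """Walk one successful challenge, then show a replayed response and a
    wrong secret both failing the authenticator's check."""
    secret = b"shared-chap-secret"          # constructed sample secret
    ident, chal = new_challenge(0)          # initial link establishment
    resp = chap_response(ident, secret, chal)   # peer's answer to the challenge
    first = verify_response(ident, secret, chal, resp)
    # A later periodic re-challenge carries a new Identifier and Challenge Value,
    # so the earlier (captured) response no longer matches.
    ident2, chal2 = new_challenge(ident)
    replayed = verify_response(ident2, secret, chal2, resp)
    # A peer holding a different secret cannot produce the expected value.
    wrong_secret = verify_response(ident, b"other-secret", chal, resp)
    return {"first": first, "replayed": replayed, "wrong_secret": wrong_secret}
```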
Microsoft Challenge Handshake Protocol (MS-CHAP)
MS-CHAP, referenced in RFC-2433, authenticates remote Windows
workstations, providing the functionality to which LAN-based users are
accustomed while integrating the encryption and hashing algorithms used on
Windows networks. MS-CHAP is closely derived from the PPP CHAP with
the exception that it uses MD4 as its hashing algorithm.
The MS-CHAP challenge, response and success packets are identical in
format to the standard CHAP challenge, response and success packets,
respectively. MS-CHAP defines a set of reason-for-failure codes returned in
the Message field of the Failure packet.