点对点协议(PPP)基本上使用身份验证方法来简单地标识和确定远程设备。还需要身份验证以确保两个端点之间的通信安全。身份验证基本上是一个检查和验证用户详细信息的过程,仅用于识别用户并允许访问系统和所有资源。
PPP通常需要两种方法进行身份验证。这些方法如下:
1.密码验证协议(PAP):
它为远程节点提供了一种简单而又最简单的方法,只需建立和发展其身份以及双向链接即可。这些通常用于公共FTP站点以及其他公共区域。
2.质询握手身份验证协议(CHAP):
CHAP基本上是一种加密的身份验证方法,是验证对等方身份所必需的。它还使用加密算法仅传递身份验证数据,以保护其免受黑客攻击。它在Internet上被广泛使用。
PAP和CHAP之间的区别:
| Password Authentication Protocol | Challenge Handshake Authentication Protocol |
|---|---|
| It is a two-step process to verify the identity of the client. | It is a three-step process of exchange of a shared secret. |
| Authentication is only requested at the initial time of establishment of link or connection. | Authentication is requested at the initial time of establishment of link or connection and can also be requested after the establishment of link or connection. |
| This protocol is less secured implementation as actual passwords are transmitted without any encryption code or pattern through the link. | This protocol is highly secure in implementation as the actual password is never transmitted through the link. |
| In this, both the user name and passwords are transmitted through the link. | In this, only the username is transmitted through the link. |
| Unencrypted usernames and Passwords are usually transmitted in plain text. | Encrypted username and password are usually transmitted in this type of authentication. |
| It also allows point to point protocol to validate users i.e. to check and verify the users. | It is a communication protocol that simply authenticates a user or a network host to an authentication entity. |
| It does not provide protection and prevention from trial and error attacks. | It effectively provides protection and prevention from trial and error attacks. |
| It cannot do repeated midsession authentications. | It can also do repeated midsession authentications. |
| Its usage has been decreased due to security issues. | It is used by remote users, routers, and NASs simply to provide authentication before connectivity. |
| In PAP, Authentication is done only at the caller side or client side. | In CHAP, Authentication is done at both of the sides. |