Difference between PAP and CHAP

Point-to-Point Protocol (PPP) basically uses Authentication method to simply identify and determine the remote device. Authentication is also required to secure communication among two endpoints. Authentication is basically a process of checking and verifying user’s detail simply to identify the user and allow access to the system and all of the resources.

There are generally two methods that are required by PPP for Authentication. These methods are given below :

1. Password Authentication Protocol (PAP) :
It provides a simple and easiest method for a remote node simply to establish and develop its identity along with a bidirectional link. These are generally used in public FTP sites and also in other public areas.

2. Challenge Handshake Authentication Protocol (CHAP) :
CHAP is basically an encrypted authentication method that is required to verify the identity of the peer. It also uses an encryption algorithm to just pass the authentication data to protect it from hackers. It is widely used on the Internet.



Different between PAP and CHAP :



Password Authentication Protocol Challenge Handshake Authentication Protocol
It is a two-step process to verify the identity of the client. It is a three-step process of exchange of a shared secret.
Authentication is only requested at the initial time of establishment of link or connection. Authentication is requested at the initial time of establishment of link or connection and can also be requested after the establishment of link or connection.
This protocol is less secured implementation as actual passwords are transmitted without any encryption code or pattern through the link. This protocol is highly secure in implementation as the actual password is never transmitted through the link.
In this, both the user name and passwords are transmitted through the link.   In this, only the username is transmitted through the link.
Unencrypted usernames and Passwords are usually transmitted in plain text. Encrypted username and password are usually transmitted in this type of authentication.
It also allows point to point protocol to validate users i.e. to check and verify the users. It is a communication protocol that simply authenticates a user or a network host to an authentication entity.
It does not provide protection and prevention from trial and error attacks. It effectively provides protection and prevention from trial and error attacks.
It cannot do repeated midsession authentications. It can also do repeated midsession authentications.
Its usage has been decreased due to security issues. It is used by remote users, routers, and NASs simply to provide authentication before connectivity.
In PAP, Authentication is done only at the caller side or client side. In CHAP, Authentication is done at both of the sides.

Attention reader! Don’t stop learning now. Get hold of all the important CS Theory concepts for SDE interviews with the CS Theory Course at a student-friendly price and become industry ready.

My Personal Notes arrow_drop_up

Check out this Author's contributed articles.

If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to contribute@geeksforgeeks.org. See your article appearing on the GeeksforGeeks main page and help other Geeks.

Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.