D-Link DFL-700 Product Manual - Page 50

Authentication Protocols, MPPE, Microsoft Point-To-Point Encryption, MS-CHAP v1


Authentication Protocols
PPP supports several authentication protocols: PAP, CHAP, MS-CHAP v1 and MS-CHAP
v2. The authentication protocol to be used is decided during LCP negotiation.
PAP
PAP (Password Authentication Protocol) is a simple, plaintext authentication scheme,
which means that both user name and password are sent over the tunnel in plaintext. PAP is
therefore not considered a secure authentication protocol.
CHAP
CHAP (Challenge Handshake Authentication Protocol) is a challenge-response
authentication protocol specified in RFC 1994. CHAP uses the MD5 one-way hash
function to compute the response to a challenge issued by the DFL-700. CHAP is superior to PAP
in that the password is never sent over the link. Instead, the password is used to create the
one-way MD5 hash. This does, however, mean that CHAP requires passwords to be stored in
a reversibly encrypted form.
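The CHAP exchange from RFC 1994 described above, as an added example (not taken from the D-Link manual or firmware): the response is MD5 over the identifier octet, the shared secret and the challenge, so the verifier must hold the secret itself. The Authenticator class, user name and secret are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: MD5 over Identifier octet || secret || Challenge Value."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Stands in for the challenging side (hypothetical class, not device code)."""

    def __init__(self, secrets_db: dict):
        self.secrets_db = secrets_db  # must hold recoverable secrets
        self.pending = {}             # identifier -> outstanding challenge

    def challenge(self, identifier: int) -> bytes:
        value = os.urandom(16)        # fresh, unpredictable challenge
        self.pending[identifier] = value
        return value

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        challenge = self.pending.pop(identifier, None)  # single use: blocks replay
        secret = self.secrets_db.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    secret = b"constructed-secret"    # constructed sample value
    auth = Authenticator({"alice": secret})
    ch = auth.challenge(1)
    resp = chap_response(1, secret, ch)
    on_wire = bytes([1]) + ch + resp  # everything an observer of the link sees
    accepted = auth.verify(1, "alice", resp)
    replayed = auth.verify(1, "alice", resp)  # challenge already consumed
    # A store that keeps only a one-way hash of the password cannot run CHAP:
    hashed = Authenticator({"alice": hashlib.sha256(secret).digest()})
    ch2 = hashed.challenge(2)
    hashed_ok = hashed.verify(2, "alice", chap_response(2, secret, ch2))
    return {"secret_on_wire": secret in on_wire, "accepted": accepted,
            "replayed": replayed, "hashed_store_ok": hashed_ok}


if __name__ == "__main__":
    print(demo())
```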
MS-CHAP v1
MS-CHAP v1 (Microsoft Challenge Handshake Authentication Protocol version 1) is
similar to CHAP; the main difference is that with MS-CHAP v1 the password only needs to be
stored as an MD4 hash instead of a reversibly encrypted form. Another difference is that
MS-CHAP v1 uses MD4 hashing, as opposed to the MD5 used in CHAP.
MS-CHAP v2
MS-CHAP v2 (Microsoft Challenge Handshake Authentication Protocol version 2) is more
secure than MS-CHAP v1 as it provides two-way authentication. MS-CHAP v2 is not
backwards compatible with MS-CHAP v1. Both the Remote Access Server and the client
must prove they have knowledge of the password via two-way challenge-response
messages.
MPPE, Microsoft Point-To-Point Encryption
MPPE is used to encrypt Point-to-Point Protocol (PPP) packets. MPPE uses the
RSA RC4 algorithm to provide data confidentiality. The length of the session key to be used
for the encryption can be negotiated. MPPE currently supports 40-bit, 56-bit and 128-bit RC4
session keys.