Sniffing PAP/CHAP

[Nigel Metheringham]

chl@clw.cs.man.ac.uk said:
> Neither PAP nor CHAP involves encryption. In both cases the username
> is sent in the clear. With PAP the passwrod is sent in the clear too
> (just like dear old telnet and rlogin). With CHAP the authentication
> is done by a challenge/response, thus preventing a replay attack. 

However, there *is* encryption of the password data within RADIUS 
packets - basically a symmetric low grade cipher of some sort (I think 
from memory its the XORing in of the MD5 of a shared secret and some 
header data from the packet).

	Nigel.
-- 
[ - Opinions expressed are personal and may not be shared by VData - ]
[ Nigel Metheringham                  Nigel.Metheringham@VData.co.uk ]
[ Phone: +44 1423 850000                         Fax +44 1423 858866 ]