Symbol Technologies MC3000 User Manual

Wireless Applications

Table 7-8 lists the TTLS tunneled authentication options.

Table 7-8. TTLS Tunneled Authentication Options

| TTLS Tunneled Authentication | Description |
|---|---|
| CHAP | Challenge Handshake Authentication Protocol (CHAP) is one of the two main authentication protocols used to verify the user name and password for PPP Internet connections. CHAP is more secure than PAP because it performs a three-way handshake during the initial link establishment between the home and remote machines. It can also repeat the authentication any time after the link has been established. |
| MS CHAP | Microsoft Challenge Handshake Authentication Protocol (MS CHAP) is an implementation of the CHAP protocol that Microsoft created to authenticate remote Windows workstations. In most respects, MS CHAP is identical to CHAP, but there are a few differences. MS CHAP is based on the encryption and hashing algorithms used by Windows networks, and the MS CHAP response to a challenge is in a format optimized for compatibility with Windows operating systems. |
| MS CHAP v2 | MS CHAP v2 is a password-based, challenge-response, mutual authentication protocol that uses the industry-standard Message Digest 4 (MD4) and Data Encryption Standard (DES) algorithms to encrypt responses. The authenticating server challenges the access client and the access client challenges the authenticating server. If either challenge is not correctly answered, the connection is rejected. MS CHAP v2 was originally designed by Microsoft as a PPP authentication protocol to provide better protection for dial-up and virtual private network (VPN) connections. With Windows XP SP1, Windows XP SP2, Windows Server 2003, and Windows 2000 SP4, MS CHAP v2 is also an EAP type. |
| PAP | Password Authentication Protocol (PAP) has two variations: PAP and CHAP PAP. It verifies a user name and password for PPP Internet connections, but it is not as secure as CHAP, since it works only to establish the initial link. PAP is also more vulnerable to attack because it sends authentication packets throughout the network. Nevertheless, PAP is more commonly used than CHAP to log in to a remote host like an Internet service provider. |
| MD5 | Message Digest-5 (MD5) is an authentication algorithm developed by RSA. MD5 generates a 128-bit message digest using a 128-bit key; IPSec truncates the message digest to 96 bits. |
