> Qn./ Which is more secure, PAP or CHAP? > > Some people said PAP, some told me CHAP. > If PAP is less secure, why most ISPs are using PAP for subscribers' > authentication?
PAP sends your password in cleartext. CHAP uses an encrypted challenge-response method. Therefore, CHAP is more secure than PAP. Why do most ISPs only support PAP, and not CHAP? For their convenience, not yours. CHAP requires that the passwords be stored on their system in a cleartext, or reversibly-encrypted form. Since most systems default to storing passwords in a one-way encrypted form, this is more hassle for them. Also, maybe they're worried about someone stealing their password file, and then someone would have everyone's password. -- Kevin
