Linux w/ SBC DSL
Monty J. Harder
lists at kc.rr.com
Mon Jul 15 02:50:37 CDT 2002
"Gerald Combs" <gerald at ethereal.com> wrote:
> It makes me physically ill to come out in defense of SBC, but if you're
> authenticating PPP (including PPPoE), you have three choices:
>
> - Use PAP. Passwords are sent in the clear, but can be encrypted on
> the server.
>
> - Use CHAP. Passwords are encrypted using a one-way hash. They must be
> stored in clear text on the client and server.
Yuck. I'm glad I get to use RoadRunner. I suppose it stands to reason -
PPP is designed to run over a serial line, a lot less likely to be sniffed
than Ethernet. But it's still bad from a security standpoint.
> - Use some proprietary/mangled version of CHAP, such as MS-CHAP
> or whatever crap someone (Shiva?) came up with a while back.
And so is security through obscurity. I guess it's asking too much to
expect some form of Public Key scheme be used.
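
The PAP/CHAP trade-off listed in the quoted message, as an added example that is not part of the original thread: it builds a PAP Authenticate-Request (RFC 1334) and a CHAP Response value (RFC 1994) and shows what each scheme exposes on the wire and what the server must keep. The user name, password, function names and the use of PBKDF2 for the server-side PAP record are assumptions made for illustration.

```python
import hashlib, hmac, os, struct

def pap_request(ident: int, user: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request (RFC 1334): the password is a plain field."""
    body = bytes([len(user)]) + user + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body

def pap_enroll(password: bytes):
    """What a PAP server can keep on disk: salt + slow hash, no cleartext."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)

def pap_verify(record, packet: bytes) -> bool:
    # Parse Peer-ID length, then Passwd-Length and the password itself.
    ulen = packet[4]
    plen = packet[5 + ulen]
    password = packet[6 + ulen: 6 + ulen + plen]
    salt, stored = record
    return hmac.compare_digest(
        hashlib.pbkdf2_hmac("sha256", password, salt, 100_000), stored)

def chap_value(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP Response value (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_verify(ident, secret_on_server, challenge, value) -> bool:
    # The server recomputes the same hash, so it must hold the secret itself.
    expected = chap_value(ident, secret_on_server, challenge)
    return hmac.compare_digest(expected, value)

def demo() -> dict:
    password = b"constructed-secret"   # constructed sample value
    user = b"constructed-user"         # constructed sample value
    record = pap_enroll(password)
    pap_pkt = pap_request(1, user, password)
    challenge = os.urandom(16)         # fresh per authentication
    value = chap_value(2, password, challenge)
    return {
        "pap_password_visible_on_wire": password in pap_pkt,
        "pap_verified_from_hash_only": pap_verify(record, pap_pkt),
        "chap_password_visible_on_wire": password in value,
        "chap_verified_with_cleartext": chap_verify(2, password, challenge, value),
        "chap_verified_from_hash_only": chap_verify(2, record[1], challenge, value),
    }

if __name__ == "__main__":
    for key, result in demo().items():
        print(f"{key}: {result}")
```
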