[Warning - I'm jumping in the middle of this thread and may have missed
something that was said before - so please take this post w/ a big grain
of salt]
In message <3.0.32.19970808103524.007412e8@brussels.cisco.com>, Eric Vyncke writes:
>
> [Discussion about MS-CHAP snipped]
>
> Not sure for SecurID, but, beware that most token card servers
> must receive the user password in clear text to do the authentication
> testing... so the only PPP authentication method is PAP (i.e. in clear
> text) and neither CHAP nor MS-CHAP.
Hmm, are you sure ? I thought that most password-activated access tokens
worked by performing some kind of hard-to-reverse computation on the user's
password (and/or login name) and either a challenge value sent by the
server or a time-synchronous value computed independently by the server and
the token (this is how securid tokens work AFAIK). If you're right, I may
have to revise my opinion of access tokens downward :-). Granted, even if I
understand it right, it means it's not exactly CHAP, but it still looks
closer to it than to PAP.
Michel Lavondes (lavondes@tidtest.total.fr), speaking only for himself
Myself when young did eagerly frequent
Doctor and Saint, and heard great argument
about it and about, but evermore
came out by the same door as in I went.
-- Omar Khayaam
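
The distinction debated above, as an added example that is not part of the original post: a server that can recompute the expected one-time code can check an RFC 1994 CHAP response without ever receiving the code, while a server that can only pass a passcode to an opaque checker needs it in clear text (PAP). `token_code` is a constructed HMAC-based stand-in, not SecurID's algorithm, and all names and values are hypothetical.

```python
import hashlib
import hmac
import struct


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: MD5 over Identifier || secret || Challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def token_code(seed: bytes, pin: str, now: int, step: int = 60) -> str:
    """Constructed stand-in for a time-synchronous token (assumption, not SecurID)."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(seed, pin.encode() + counter, hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"


def verify_chap(seed, pin, now, identifier, challenge, response, drift=1, step=60):
    """Server holding seed and PIN: recompute the code for each time step within
    the allowed clock drift and compare CHAP responses. The code stays off the wire."""
    for k in range(-drift, drift + 1):
        expected = token_code(seed, pin, now + k * step, step).encode()
        candidate = chap_response(identifier, expected, challenge)
        if hmac.compare_digest(candidate, response):
            return True
    return False


def verify_pap(check_passcode, passcode: str) -> bool:
    """Server that can only forward a passcode to an opaque checker:
    it must receive the passcode itself, which is what PAP delivers."""
    return bool(check_passcode(passcode))


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    seed, pin, now = b"constructed-seed", "1234", 1_000_000
    challenge = bytes(range(16))
    code = token_code(seed, pin, now - 60)          # client clock one step behind
    resp = chap_response(7, code.encode(), challenge)
    print("CHAP accepted:", verify_chap(seed, pin, now, 7, challenge, resp))
    print("PAP accepted:", verify_pap(lambda p: p == code, code))
```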