User's Guide

Wireless Applications 4-9
Table 4-8 lists the TTLS tunneled authentication options.
Table 4-8. TTLS Tunneled Authentication Options
| TTLS Tunneled Authentication | Description |
| --- | --- |
| CHAP | Challenge Handshake Authentication Protocol (CHAP) is one of the two main authentication protocols used to verify the user name and password for PPP Internet connections. CHAP is more secure than PAP because it performs a three-way handshake during the initial link establishment between the home and remote machines. It can also repeat the authentication at any time after the link has been established. |
| MS CHAP | Microsoft Challenge Handshake Authentication Protocol (MS CHAP) is an implementation of the CHAP protocol that Microsoft created to authenticate remote Windows workstations. In most respects, MS CHAP is identical to CHAP, but there are a few differences. MS CHAP is based on the encryption and hashing algorithms used by Windows networks, and the MS CHAP response to a challenge is in a format optimized for compatibility with Windows operating systems. |
| MS CHAP v2 | MS CHAP v2 is a password-based, challenge-response, mutual authentication protocol that uses the industry-standard Message Digest 4 (MD4) and Data Encryption Standard (DES) algorithms to encrypt responses. The authenticating server challenges the access client and the access client challenges the authenticating server. If either challenge is not correctly answered, the connection is rejected. MS CHAP v2 was originally designed by Microsoft as a PPP authentication protocol to provide better protection for dial-up and virtual private network (VPN) connections. With Windows XP SP1, Windows XP SP2, Windows Server 2003, and Windows 2000 SP4, MS CHAP v2 is also an EAP type. |
| PAP | Password Authentication Protocol (PAP) has two variations: PAP and CHAP PAP. It verifies a user name and password for PPP Internet connections, but it is not as secure as CHAP, since it works only to establish the initial link. PAP is also more vulnerable to attack because it sends authentication packets throughout the network. Nevertheless, PAP is more commonly used than CHAP to log in to a remote host like an Internet service provider. |
| MD5 | Message Digest-5 (MD5) is an authentication algorithm developed by RSA. MD5 generates a 128-bit message digest using a 128-bit key; IPSec truncates the message digest to 96 bits. |
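The CHAP three-way handshake and the repeated authentication described in Table 4-8, as an added example that is not part of this guide or the product's own code. It assumes the RFC 1994 response value, MD5(Identifier || secret || Challenge); the Authenticator class, user name and secret are hypothetical, constructed values.

```python
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Authenticator:
    """Hypothetical authenticating side: issues challenges, checks responses."""

    def __init__(self, secrets: dict):
        self.secrets = secrets   # user name -> shared secret (constructed)
        self.pending = {}        # user name -> (identifier, challenge)
        self.next_id = 0

    def challenge(self, user: str):
        # Step 1: send a fresh random challenge under a new identifier.
        self.next_id = (self.next_id + 1) % 256
        self.pending[user] = (self.next_id, os.urandom(16))
        return self.pending[user]

    def verify(self, user: str, identifier: int, response: bytes) -> bool:
        # Step 3: recompute the expected value; a challenge is single use.
        issued = self.pending.pop(user, None)
        if issued is None or user not in self.secrets or issued[0] != identifier:
            return False
        expected = chap_response(issued[0], self.secrets[user], issued[1])
        return hmac.compare_digest(expected, response)

def run_demo() -> dict:
    secret = b"constructed-shared-secret"
    server = Authenticator({"alice": secret})
    # Initial link establishment; step 2 is the peer computing the response.
    ident, chal = server.challenge("alice")
    first = chap_response(ident, secret, chal)
    results = {"initial": server.verify("alice", ident, first)}
    # Re-authentication on the established link uses a new challenge,
    # so a response recorded earlier no longer matches.
    ident2, _ = server.challenge("alice")
    results["replayed_old_response"] = server.verify("alice", ident2, first)
    ident3, chal3 = server.challenge("alice")
    good = chap_response(ident3, secret, chal3)
    results["reauth"] = server.verify("alice", ident3, good)
    ident4, chal4 = server.challenge("alice")
    bad = chap_response(ident4, b"wrong-secret", chal4)
    results["wrong_secret"] = server.verify("alice", ident4, bad)
    return results

if __name__ == "__main__":
    print(run_demo())
```

The shared secret never crosses the link; only the identifier, the challenge and the 16-byte digest do.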