Are Dial up connection passwords encrypted?

nate2345

When a dialup connection is set up using "connect to the network at my workplace" (using the default options), do the username and password get encrypted, or will someone be able to attach a device to the modem which can read the password?

If possible, can you refer me to any good articles that explain dialup connections in depth?

Thanks,
Nate
 
I don't know if the password is encrypted for storage. However, if it is, it gets decrypted automatically when you bring up a dialog where the password is automatically filled in. In fact, I've seen a program that allows you to read the data out of any standard Windows "asterisk password" box.
 
I'm not concerned about the password being encrypted on the local computer. I'm just concerned about when the password is sent to the RAS server for authentication: is it sent over encrypted or not?
 
It is encrypted and cannot be copied in readable form to another computer.
 
bacstner,

Do you know of any links that discuss this and specifically mention that passwords are sent over to the RAS server in unreadable format, since my manager wants to see this in writing?

Thanks.
 
should cover the issue.

Remember that you have a choice of authentication protocol, including unencrypted PAP (or APAP).

Authentication Protocols Supported:

PAP - Password Authentication Protocol is a two-way handshake protocol designed for use with PPP. Authentication Protocol Password Authentication Protocol is a plain text password used on older SLIP systems. It is not secure.

CHAP - Challenge Handshake Authentication Protocol is a three-way handshake protocol which is considered more secure than PAP. Authentication Protocol.

MS-CHAP (MD5) - Uses a Microsoft version of RSA message digest 5 challenge and reply protocol. It only works on Microsoft systems and enables data encryption. Selecting this authentication method causes all data to be encrypted.

RADIUS - Remote Authentication Dial-In User Service used to authenticate users dialing in remotely to servers in an organization's network. It can be used to track users' time on networks. User information is sent to a RADIUS server for validation when the user logs on to a network. It is a new protocol with Windows 2000. The RAS server must be configured as a RADIUS client on the Remote Access Service properties dialog box security tab. The RAS server may be configured to use any of several RADIUS servers for user authentication. The "Configure" button is used to add or remove RADIUS server information. The working sequence between the RAS server and the RADIUS server is as follows:
1. A server running Remote Access Service (RAS) receives a connection request from a user on a remote computer.
2. The remote computer is requesting RADIUS authentication.
3. The RAS server forwards the request to a RADIUS server for authentication. (The RAS server becomes a RADIUS client.)
4. The Internet Authentication Service (IAS) on the RADIUS server responds to the request from the RAS server. (IAS can be installed and configured in the Control Panel network services dialog box.)
5. The RAS server takes appropriate action in verifying the user based on the RADIUS server response.

EAP - Extensible Authentication Protocol is used between a dial-in client and server to determine what authentication protocol will be used. Used to support smart card and other high tech forms of authentication through its support of Transport Layer Security (TLS) which is used by these devices. It is a new protocol with Windows 2000.
Open the RAS server Remote Access Service properties dialog box and select the "Security" tab to enable these protocols (exclusive of RADIUS which is actually a service).

So unless you choose PAP, all other schemes are encrypted.
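The following is an added example, not part of the original thread or anyone's post. It builds a PAP Authenticate-Request (RFC 1334) and a standard CHAP Response (RFC 1994, not Microsoft's MS-CHAP variant) to show which one carries the password in readable form on the line. The credentials, the challenge and the helper names are constructed for illustration.

```python
import hashlib
import hmac
import struct

PAP_AUTH_REQUEST = 1  # RFC 1334, carried in PPP protocol 0xC023
CHAP_RESPONSE = 2     # RFC 1994, carried in PPP protocol 0xC223

def _header(code, ident, data):
    # Code (1 byte), Identifier (1 byte), Length (2 bytes, header + data)
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data

def pap_auth_request(ident, peer_id, password):
    """Authenticate-Request: length-prefixed Peer-ID, then length-prefixed Password."""
    return _header(PAP_AUTH_REQUEST, ident,
                   bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password)

def parse_pap_auth_request(pkt):
    """Return (peer_id, password) exactly as anything on the line would read them."""
    if len(pkt) < 6:
        raise ValueError("truncated packet")
    code, _ident, length = struct.unpack("!BBH", pkt[:4])
    if code != PAP_AUTH_REQUEST or length != len(pkt):
        raise ValueError("not a PAP Authenticate-Request")
    id_len = pkt[4]
    pw_at = 5 + id_len  # offset of the Passwd-Length byte
    if pw_at >= length or pw_at + 1 + pkt[pw_at] > length:
        raise ValueError("field length exceeds packet")
    return pkt[5:pw_at], pkt[pw_at + 1:pw_at + 1 + pkt[pw_at]]

def chap_response(ident, challenge, secret, name):
    """Response value is MD5(Identifier || secret || Challenge); the secret is never sent."""
    value = hashlib.md5(bytes([ident]) + secret + challenge).digest()
    return _header(CHAP_RESPONSE, ident, bytes([len(value)]) + value + name)

def chap_verify(pkt, challenge, secret):
    """Authenticator side: recompute the hash from its own copy of the secret."""
    if len(pkt) < 5:
        return False
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if code != CHAP_RESPONSE or length != len(pkt) or 5 + pkt[4] > length:
        return False
    expected = hashlib.md5(bytes([ident]) + secret + challenge).digest()
    return hmac.compare_digest(pkt[5:5 + pkt[4]], expected)

if __name__ == "__main__":
    user, pw = b"nate", b"constructed-pw"  # constructed sample credentials
    print(parse_pap_auth_request(pap_auth_request(1, user, pw)))
    chal = bytes(range(16))  # constructed challenge; a real server sends random bytes
    print(pw in chap_response(1, chal, pw, user), chap_verify(chap_response(1, chal, pw, user), chal, pw))
```

Because the CHAP response depends on the server's challenge, a response recorded from one session does not verify against a different challenge.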
 
So it seems that if I take the defaults when creating the connection and then I look at the properties of the connection, under the security tab, under "validate my identity as follows" and it uses "allow unsecure password" so that would probably mean it's being sent over in plain text (tell me if I'm wrong).

Thanks for the info,
Nate
 
Only if you also choose PAP as the authentication protocol.
Unsecured passwords is not the default.
 