Shiva Password Authentication Protocol (SPAP)

Shiva Password Authentication Protocol (SPAP)

Shiva Password Authentication Protocol (SPAP) is a reversible encryption mechanism employed by Shiva. A computer running Windows XP Professional, when connecting to a Shiva LAN Rover, uses SPAP, as does a Shiva client that connects to a server running Routing and Remote Access.

This form of authentication is more secure than plaintext but less secure than Challenge Handshake Authentication Protocol (CHAP) or Microsoft Challenge Handshake Authentication Protocol (MS-CHAP). Reference can be found at http://technet.microsoft.com/en-us/library/dd197599.aspx

This form of authentication does have its downsides though.  Even though it is secure and encrypted, there can be issues with hacking by what are called replay attacks.

The reason for this susceptibility is that the same credentials are sent in each direction each time the user tries to log in.   A hacker who is “listening to the server or virtual network” can hack that signal and be able to use that signal to infiltrate the system.

This form of authentication has now been widely discouraged because of this serious threat to security.  Most virtual networks have discontinued the use of this form of authentication.

Read more

• Authentication Protocols
• Password Authentication Protocol (PAP)
• Challenge Handshake Authentication Protocol (CHAP)
• Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) V1 and V2
• Extensible Authentication Protocol (EAP)
• Remote Authentication Dial In User Service (RADIUS)