Which of the following offers the LEAST secure encryption capabilities?

A.
TwoFish

B.
PAP

C.
NTLM

D.
CHAP

Explanation:
PAP transmits unencrypted ASCII passwords over the network and is therefore considered insecure. It is
used as a last resort when the remote server does not support a stronger authentication protocol, like
CHAP or EAP.
Incorrect Answers:
A: TwoFish provides stronger encryption compared to NTLM, CHAP and PAP. TwoFish is a symmetric key
block cipher with a block size of 128 bits and key sizes up to 256 bits. TwoFish is related to the earlier
block cipher Blowfish.
C: NTLM provides stronger encryption compared to CHAP and PAP. NT LAN Manager (NTLM) is a suite of
Microsoft security protocols that provides authentication, integrity, and confidentiality to users. NTLM is
being replaced by Kerberos.
D: CHAP provides a more secure encryption than PAP. CHAP provides protection against replay attacks by
the peer through the use of an incrementally changing identifier and of a variable challenge-value.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 139, 143, 251, 256