Challenge-handshake authentication protocol

Encyclopedia : C : CH : CHA : Challenge-handshake authentication protocol

---

In computing, the Challenge-Handshake Authentication Protocol (CHAP) authenticates a user to an Internet access provider.

RFC 1994: PPP Challenge Handshake Authentication Protocol (CHAP) defines the protocol.

CHAP is an authentication scheme used by Point to Point Protocol (PPP) servers to validate the identity of remote clients. CHAP periodically verifies the identity of the client by using a three-way handshake. This happens at the time of establishing the initial link, and may happen again at any time afterward. The verification is based on a shared secret (such as the client user's password).

1. After the completion of the link establishment phase, the authenticator sends a "challenge" message to the peer.
2. The peer responds with a value calculated using a one-way hash function, such as MD5.
3. The authenticator checks the response against its own calculation of the expected hash value. If the values match, the authenticator acknowledges the authentication; otherwise it should terminate the connection.
4. At random intervals the authenticator sends a new challenge to the peer and repeats steps 1 to 3.

CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable challenge-value. CHAP requires that client make the secret available in plaintext form.

Microsoft has implemented the Challenge-handshake authentication protocol as MS-CHAP.

See also

• Password Authentication Protocol
• Challenge-response test
• Cryptographic hash function

References

• RFC 1994

 

---

From Wikipedia, the Free Encyclopedia. Original article here. Support Wikipedia by contributing or donating.
All text is available under the terms of the GNU Free Documentation License See Wikipedia Copyrights for details.

Search Titles

0

1

2

3

4

5

6

7

8

9

A

B

C

D

E

F

G

H

I

J

K

L

M

N

O

P

Q

R

S

T

U

V

W

X

Y

Z

?