Challenge-handshake authentication protocol

In computing, the Challenge-Handshake Authentication Protocol (CHAP) is an authentication protocol used to log on a user to an Internet access provider.

It is defined in RFC 1994: PPP Challenge Handshake Authentication Protocol (CHAP).

CHAP is used to periodically verify the identity of the client by using a 3-way handshake. This is done upon initial link establishment, and may be repeated anytime after the link has been established. The client and the server share a secret from before (like client's password).

  1. After the link establishment phase is complete, the authenticator sends a "challenge" message to the peer.
  2. The peer responds with a value calculated using a one-way hash function: MD5.
  3. The authenticator checks the response against its own calculation of the expected hash value. If the values match, the authentication is acknowledged; otherwise the connection should be terminated.
  4. At random intervals, the authenticator sends a new challenge to the peer, and repeats steps 1 to 3.

See also

This computer network-related article is a stub. Help Wikipedia by expanding it.

See also: Challenge-handshake authentication protocol, Authentication protocol, Challenge-response test, Computer network, Computing, Cryptographic hash function, MD5, One-way function, Password Authentication Protocol