Challenge-Handshake Authentication Protocol
<networking, security, standard, protocol> (CHAP) An authentication
scheme used by PPP servers to validate the identity of the originator of the
connection upon connection or any time later.
CHAP applies a three-way handshaking procedure. After the link is established,
the server sends a "challenge" message to the originator. The originator
responds with a value calculated using a one-way hash function. The server
checks the response against its own calculation of the expected hash value. If
the values match, the authentication is acknowledged; otherwise the connection
is usually terminated.
CHAP provides protection against playback attack through the use of an
incrementally changing identifier and a variable challenge value. The
authentication can be repeated any time while the connection is open limiting
the time of exposure to any single attack, and the server is in control of the
frequency and timing of the challenges. As a result, CHAP provides greater
security then PAP.
CHAP is defined in RFC 1334.
chad box « Chadless keypunch « chain «
Challenge-Handshake Authentication Protocol »
Chalmers University of Technology » change
management » changeover