from
The Free On-line Dictionary of Computing (8 July 2008)
Challenge-Handshake Authentication Protocol
CHAP
<networking, security, standard, protocol> (CHAP) An
{authentication} scheme used by {PPP} servers to validate the
identity of the originator of the connection upon connection
or any time later.
CHAP applies a three-way {handshaking} procedure. After the
link is established, the server sends a "challenge" message to
the originator. The originator responds with a value
calculated using a {one-way hash function}. The server checks
the response against its own calculation of the expected hash
value. If the values match, the authentication is
acknowledged; otherwise the connection is usually terminated.
CHAP provides protection against {playback} attack through the
use of an incrementally changing identifier and a variable
challenge value. The authentication can be repeated any time
while the connection is open, limiting the time of exposure to
any single attack, and the server is in control of the
frequency and timing of the challenges. As a result, CHAP
provides greater security than {PAP}.
CHAP is defined in {RFC} 1334.
(1996-03-05)