Challenge-handshake authentication protocol

Challenge-handshake authentication protocol

In computing, the Challenge-Handshake Authentication Protocol (CHAP) authenticates a user or network host to an authenticating entity. That entity may be, for example, an Internet access provider.

RFC 1994: PPP Challenge Handshake Authentication Protocol (CHAP) defines the protocol.

CHAP is an authentication scheme used by Point to Point Protocol (PPP) servers to validate the identity of remote clients. CHAP periodically verifies the identity of the client by using a three-way handshake. This happens at the time of establishing the initial link, and may happen again at any time afterwards. The verification is based on a shared secret (such as the client user's password).

# After the completion of the link establishment phase, the authenticator sends a "challenge" message to the peer.
# The peer responds with a value calculated using a one-way hash function, such as an MD5 checksum hash.
# The authenticator checks the response against its own calculation of the expected hash value. If the values match, the authenticator acknowledges the authentication; otherwise it should terminate the connection.
# At random intervals the authenticator sends a new challenge to the peer and repeats steps 1 through 3.

CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable challenge-value.CHAP requires that both the client and server know the plaintext of the secret, although it is never sent over the network.

Microsoft has implemented a variant of the Challenge-handshake authentication protocol, called MS-CHAP, which does not require either peer to know the plaintext.

Working Cycle

*Challenge Packet (System to User)
*Response Packet (User to System)
*Success or failure packet (System to User)

CHAP Packets

CHAP packet embedded in a PPP frame. The protocol field has a value of C223(hex)

ee also

* Password Authentication Protocol
* Challenge-response test
* Cryptographic hash function

References

* RFC 1994


Wikimedia Foundation. 2010.

Игры ⚽ Поможем сделать НИР

Look at other dictionaries:

  • Challenge-handshake Authentication Protocol — (CHAP) est un protocole d authentification pour PPP à base de challenge, ce qui le rend bien plus sûr que son pendant PAP. Ce protocole est défini dans la RFC 1994. Il est aussi utilisé par le protocole iSCSI afin que Initiator et Target iSCSI s… …   Wikipédia en Français

  • Challenge-handshake authentication protocol — (CHAP) est un protocole d authentification pour PPP à base de challenge, ce qui le rend bien plus sûr que son pendant PAP. Ce protocole est défini dans la RFC 1994. Il est aussi utilisé par le protocole iSCSI afin que Initiator et Target iSCSI s… …   Wikipédia en Français

  • Challenge-Handshake Authentication Protocol — (CHAP) est un protocole d authentification pour PPP à base de challenge, ce qui le rend bien plus sûr que son pendant PAP. Ce protocole est défini dans la RFC 1994. Il est aussi utilisé par le protocole iSCSI afin que Initiator et Target iSCSI s… …   Wikipédia en Français

  • Challenge-Handshake Authentication Protocol — In computing, the Challenge Handshake Authentication Protocol (CHAP) authenticates a user or network host to an authenticating entity. That entity may be, for example, an Internet service provider. CHAP is specified in RFC 1994. CHAP provides… …   Wikipedia

  • Challenge Handshake Authentication Protocol — Das Challenge Handshake Authentication Protocol (CHAP) ist ein Authentifizierungsprotokoll, das im Rahmen von Point to Point Protocol (PPP) eingesetzt wird. PPP ist auf der Sicherungsschicht in der Internetprotokollfamilie angesiedelt. CHAP ist… …   Deutsch Wikipedia

  • Challenge-Handshake Authentication Protocol —    Abbreviated CHAP. A method of authentication that you can use when connecting to an ISP that allows you to log on automatically.    See also Password Authentication Protocol …   Dictionary of networking

  • Challenge Handshake Authentication Protocol — …   Википедия

  • Microsoft Challenge Handshake Authentication Protocol — …   Википедия

  • Challenge-response authentication — For the spam filtering technique, see Challenge response spam filtering. For other uses, see CRAM (disambiguation). In computer security, challenge response authentication is a family of protocols in which one party presents a question (… …   Wikipedia

  • Authentication protocol — An authentication protocol is a type of cryptographic protocol with the purpose of authenticating entities wishing to communicate securely.Authentication protocol may refer to: * Challenge handshake authentication protocol (CHAP) * Extensible… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”