Challenge-Handshake Authentication Protocol definition networking, security, standard, protocol
(CHAP) An authentication
scheme used by PPP
servers to validate the identity of the originator of the connection upon connection or any time later.
CHAP applies a three-way handshaking
procedure. After the link is established, the server sends a "challenge" message to the originator. The originator responds with a value calculated using a one-way hash function
. The server checks the response against its own calculation of the expected hash value. If the values match, the authentication is acknowledged; otherwise the connection is usually terminated.
CHAP provides protection against playback
attack through the use of an incrementally changing identifier and a variable challenge value. The authentication can be repeated any time while the connection is open limiting the time of exposure to any single attack, and the server is in control of the frequency and timing of the challenges. As a result, CHAP provides greater security then PAP
CHAP is defined in RFC