In Computing, the Challenge-Handshake Authentication Protocol (CHAP) is an authentication protocol used to log on a user to an Internet access provider.

It is defined in RFC 1994: PPP Challenge Handshake Authentication Protocol (CHAP).

CHAP is used to periodically verify the identity of the client by using a Handshaking. This is done upon initial link establishment, and may be repeated anytime after the link has been established. The client and the server share a secret from before (like client s password).

#After the link establishment phase is complete, the authenticator sends a challenge message to the peer. #The peer responds with a value calculated using a one-way function, such as MD5. #The authenticator checks the response against its own calculation of the expected hash value. If the values match, the authentication is acknowledged; otherwise the connection should be terminated. #At random intervals, the authenticator sends a new challenge to the peer, and repeats steps 1 to 3.

CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and a variable challenge value. CHAP requires that the secret be available in plaintext form.

=See also=

=References=