Challenge Handshake Authentication Protocols (CHAP)

CHAP as its an implies implements  a form of authentication that  requires a challenge  and a response. A CHAP authenticator challenge its client  peer with  its CHAP name  and a random string. The  client  must transform this  random string with a computation algorithm and a CHAP secret key. It  then returns the result with its own name. The  challenge  evaluates the reply with its own copy  of he secret key. Then it forwards a success or failure acknowledgment.  CHAP packets  when host a  is the authenticator.  In summary CAHP  is a three way handshake consisting of a challenge a response, and an acknowledgment.

The  challenge  response and response computation are all built in to PPP software. Users need to  supply a CAHP name and  a secret key known by both endpoints of the PPP connection. As long as both  endpoints  use the same kys a CAHP reply matches what the CAHP challenger expects. The important security  characteristics of CHAP is that PPP endpoints  never keys in  plain  text through  the PPP  CHAP can extend the list of  cryptographically  one way functions  used for  computing CHAP response. When PPP endpoints  negotiate CHAP authentication an I. C. P  configure request packet caries the authentication protocol 0x023 option.

After PPP endpoints agree to use CHAP  authentication the CHAP packets  to exchange appear as in  CHAP  packets include four different messages, as  distinguished by different  codes. Challenge response  success and failure.