CHAP Overview

CHAP (Challenge-Handshake Authentication Protocol) is a more secure authentication scheme than PAP. In a CHAP scheme, the following takes place in order to establish a user's identity:

  1. After the link between the user's machine and the authenticating server is made, the server sends a challenge message to the connection requester. The requester responds with a value obtained by using a one-way hash function.
  2. The server checks the response by comparing it against its own calculation of the expected hash value.
  3. If the values match, the authentication is acknowledged; otherwise the connection is usually terminated.

At any time, the server can challenge the connected party again by sending a new challenge message. Because CHAP identifiers are changed frequently and because authentication can be requested by the server at any time, CHAP provides more security than PAP.
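The exchange described above, with both sides shown, as an added example that is not part of the original page or of any CA product. It assumes the MD5 variant defined in RFC 1994, where the response is the hash of the identifier octet, the shared secret and the challenge; the class name, function names and secret value are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Requester side: one-way hash over identifier octet, secret and challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side (hypothetical class): issues challenges, checks responses."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.identifier = 0
        self.challenge = b""

    def new_challenge(self):
        # A new identifier and an unpredictable challenge for every round.
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)
        return self.identifier, self.challenge

    def verify(self, identifier: int, response: bytes) -> bool:
        if identifier != self.identifier or not self.challenge:
            return False
        expected = chap_response(self.identifier, self.secret, self.challenge)
        self.challenge = b""  # each challenge accepts a single response
        return hmac.compare_digest(expected, response)  # constant-time compare


def run_demo() -> dict:
    secret = b"constructed-shared-secret"  # sample value, never sent on the link
    server = Authenticator(secret)

    ident, chal = server.new_challenge()
    first_resp = chap_response(ident, secret, chal)
    results = {"first": server.verify(ident, first_resp)}

    # Server re-challenges mid-session: a replayed old response no longer matches.
    ident, chal = server.new_challenge()
    results["replay"] = server.verify(ident, first_resp)

    ident, chal = server.new_challenge()
    results["wrong_secret"] = server.verify(ident, chap_response(ident, b"guess", chal))

    ident, chal = server.new_challenge()
    results["fresh"] = server.verify(ident, chap_response(ident, secret, chal))
    return results
```
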


Copyright © 2010 CA. All rights reserved.