What is Challenge Handshake Authentication Protocol (CHAP)

One of the methods that can be used protect information when using remote access to a resource is the Challenge Handshake Authentication Protocol (CHAP) CHAP is a remote access authentication protocol used in conjunction with Point-to-Point Protocol (PPP) to provide security and authentication to users of remote resources.

PPP allows users to use dynamic addressing and multiple protocols during communication with a remote host.

CHAP is used to periodically verify the identity of the peer using a threeway handshake.This is done upon initial link establishment, and may be repeated anytime after the link has been established.

CHAP operates in conjunction with PPP to provide protection of the credentials presented for authentication and to verify connection to a valid resource. It does not operate with encrypted password databases, and therefore is not as strong a protection as other levels of authentication. The shared secrets may be stored on both ends as a cleartext item, making the secret vulnerable to compromise or detection.

CHAP may also be configured to store a password using oneway reversible encryption, which uses the one-way hash. This provides protection to the password, because the hash must match the client wishing to authenticate with the server that has stored the password with the hash value. CHAP is better than Password Authentication Protocol (PAP), however, since PAP sends passwords across the network in cleartext.


Did you find this tutorial helpful? Don’t forget to share your views with us.