Oct 22

Importance of CHAP (Challenge-Handshake Authentication Protocol)


CHAP (Challenge-Handshake Authentication Protocol) is a more secure procedure for connecting to a system than the Password Authentication Procedure (PAP). Here's how CHAP works:

After the link is established, the server sends a challenge message to the connection requestor. The requestor responds with a value obtained by using a one-way hash function.

The server checks the response by comparing it with its own calculation of the expected hash value.

If the values match, the authentication is acknowledged; otherwise the connection is usually terminated.

At any time, the server can request the connected party to send a new challenge message. Because CHAP identifiers are changed frequently and because authentication can be requested by the server at any time, CHAP provides more security than PAP. RFC 1334 defines both CHAP and PAP.

Challenge-Handshake Authentication Protocol (CHAP) is a Point-to-Point Protocol (PPP) authentication protocol developed by the IETF (Internet Engineering Task Force). It is used at the initial start-up of the link. It also performs periodic checks to see whether the router is still communicating with the same host.


It uses a 3-way handshake protocol (not like TCP). First, the authenticator sends a challenge packet to the peer; then the peer responds with a value computed using a one-way hash function. The authenticator then compares the received value with its own calculated hash value. If the values match, the authentication is acknowledged; otherwise, the connection is terminated.

It uses a one-way hash function known as MD5.

It also re-authenticates periodically to check whether the communication is still taking place with the same device.

It also provides more security than PAP (Password Authentication Procedure) because the value used (computed by the hash function) keeps changing.

CHAP requires the plaintext of the secret to be known, because the secret is never sent over the network.

There are four kinds of CHAP packets:

Challenge packet: This is the packet sent by the authenticator to the peer at the beginning of the CHAP 3-way handshake. A Challenge packet is also sent periodically to check that the connection has not been altered. It contains an Identifier value, a Value field that holds a random value, and a Name field that holds the name of the authenticator. The Name field is used for password look-up. The Name field is also fed to the MD5 hash generator, and a one-way hash value is generated.

Response packet: This is used to respond to the Challenge packet. It contains a Value field that holds the generated one-way hash value, the Identifier value, and the Name field. The Name field of the Response packet is set to the hostname of the peer router. The Name field of the Challenge packet is used to look up the password: the router looks for an entry that matches the username in the Name field of the Challenge packet and retrieves the password. This password is then hashed by feeding it to the MD5 hash generator, and a one-way hash value is generated. This value is inserted into the Value field of the Response packet and sent to the authenticator.

Success packet: The authenticator now does the same thing, looking up the Name field of the Response packet (if it has an entry for that username) and using it to generate a hash value. If the value generated is the same as the peer's, the Success packet is sent.

Failure packet: If the generated value is different, the Failure packet is sent to the peer.
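The four packet types above can be traced in a short Python sketch. This is an added example, not code from the original post; it follows the hash input given in RFC 1994 (Identifier, then secret, then Challenge Value), which is more specific than the description above, and the router names, secrets and function names are assumptions made for illustration.

```python
import hashlib, hmac, os, struct

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4  # CHAP Code values

def build_packet(code, ident, value, name):
    # Code(1) Identifier(1) Length(2) Value-Size(1) Value Name
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse_packet(pkt):
    if len(pkt) < 5:
        raise ValueError("truncated CHAP packet")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    vsize = pkt[4]
    if length != len(pkt) or 5 + vsize > length:
        raise ValueError("inconsistent length fields")
    return code, ident, pkt[5:5 + vsize], pkt[5 + vsize:]

def chap_hash(ident, secret, challenge):
    # RFC 1994: MD5 over Identifier || secret || Challenge Value
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def peer_respond(challenge_pkt, secrets, my_name):
    code, ident, challenge, auth_name = parse_packet(challenge_pkt)
    if code != CHALLENGE:
        raise ValueError("not a Challenge packet")
    secret = secrets[auth_name]  # password look-up by the Challenge's Name field
    return build_packet(RESPONSE, ident, chap_hash(ident, secret, challenge), my_name)

def authenticator_verify(response_pkt, sent_ident, sent_challenge, secrets):
    code, ident, value, peer_name = parse_packet(response_pkt)
    secret = secrets.get(peer_name)  # look-up by the Response's Name field
    if code != RESPONSE or ident != sent_ident or secret is None:
        return FAILURE
    expected = chap_hash(sent_ident, secret, sent_challenge)
    return SUCCESS if hmac.compare_digest(value, expected) else FAILURE

def demo():
    # Constructed sample data: the names and secrets here are made up.
    auth_db, peer_db = {b"peer-r2": b"s3cret"}, {b"auth-r1": b"s3cret"}
    ch1, ch2 = os.urandom(16), os.urandom(16)
    challenge1 = build_packet(CHALLENGE, 1, ch1, b"auth-r1")
    resp1 = peer_respond(challenge1, peer_db, b"peer-r2")
    good = authenticator_verify(resp1, 1, ch1, auth_db)
    bad_resp = peer_respond(challenge1, {b"auth-r1": b"wrong"}, b"peer-r2")
    wrong_secret = authenticator_verify(bad_resp, 1, ch1, auth_db)
    # Old hash re-stamped with the new identifier, answering a fresh challenge
    replayed = build_packet(RESPONSE, 2, parse_packet(resp1)[2], b"peer-r2")
    replay = authenticator_verify(replayed, 2, ch2, auth_db)
    return good, wrong_secret, replay
```

Calling demo() returns the outcome codes for a correct response, a response built from the wrong secret, and an old response replayed against a new challenge; only the first yields Success, which is why the periodic re-challenge is useful.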
