Challenge-Handshake Authentication Protocol

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

In computing, the Challenge-Handshake Authentication Protocol (CHAP) authenticates a user or network host to an authenticating entity. That entity may be, for example, an Internet service provider.

CHAP provides protection against replay attacks by the peer through the use of an incrementally changing identifier and of a variable challenge-value. CHAP requires that both the client and server know the plaintext of the secret, although it is never sent over the network. Thus, CHAP provides better security as compared to Password Authentication Protocol (PAP) which is vulnerable for both these reasons. The MS-CHAP variant does not require either peer to know the plaintext and does not transmit it, but has been broken.[1]

Working cycle[edit]

CHAP is an authentication scheme used by Point-to-Point Protocol (PPP) servers to validate the identity of remote clients. CHAP periodically verifies the identity of the client by using a three-way handshake. This happens at the time of establishing the initial link (LCP), and may happen again at any time afterwards. The verification is based on a shared secret (such as the client's password).[2]

  1. After the completion of the link establishment phase, the authenticator sends a "challenge" message to the peer.
  2. The peer responds with a value calculated using a one-way hash function on the challenge and the secret combined.
  3. The authenticator checks the response against its own calculation of the expected hash value. If the values match, the authenticator acknowledges the authentication; otherwise it should terminate the connection.
  4. At random intervals the authenticator sends a new challenge to the peer and repeats steps 1 through 3.

CHAP packets[edit]

Description 1 byte 1 byte 2 bytes 1 byte Variable variable
Challenge Code = 1 ID Length Challenge Length Challenge value Name
Response Code = 2 ID Length Response Length Response value Name
Success Code = 3 ID Length Message
Failure Code = 4 ID Length Message

The ID chosen for the random challenge is also used in the corresponding response, success, and failure packets. A new challenge with a new ID must be different from the last challenge with another ID. If the success or failure is lost, the same response can be sent again, and it triggers the same success or failure indication. For MD5 as hash the response value is MD5(ID||secret||challenge), the MD5 for the concatenation of ID, secret, and challenge.[3]

See also[edit]


  1. ^ "Divide and Conquer: Cracking MS-CHAPv2 with a 100% success rate". David Hulton. 2012. Archived from the original on 16 March 2016. Retrieved 2013-03-10.
  2. ^ Forouzan (2007). Data Communications & Networking 4E Sie. McGraw-Hill Education (India) Pvt Limited. pp. 352–. ISBN 978-0-07-063414-5. Retrieved 24 November 2012.
  3. ^ "Understanding and Configuring PPP CHAP Authentication". Cisco tech note. 2005. Retrieved 2011-08-14.

External links[edit]

  • RFC 1994 PPP Challenge Handshake Authentication Protocol (CHAP)
  • RFC 2865 Remote Authentication Dial In User Service (RADIUS): uses PAP or CHAP
  • RFC 3748 Extensible Authentication Protocol (EAP): discusses CHAP