Skip to main content

Home Challenge Handshake Authentication Protocol

Challenge Handshake Authentication Protocol

(also CHAP)

Challenge Handshake Authentication Protocol definition

The Challenge Handshake Authentication Protocol is a network authentication protocol. It provides secure authentication based on a shared secret and one-way hashing. Think of it as a secret handshake that helps a computer prove who it is to a network or server.

See also: cryptographic hash function, handshake protocol

Here's how the Challenge Handshake Authentication Protocol works:

  • Start of connection. A client tries to connect to a network or server.
  • Server's challenge. The server sends a random code to the client.
  • Client's response. The client mixes their password with the challenge using a hash function and returns the result.
  • Server verification. The server does the same mix and compares its result with the client's response.
  • Outcome. If the results match, the server grants access; if not, access is denied.
  • Periodic checks. The server occasionally sends new challenges to re-verify the client.

Where is the Challenge Handshake Authentication Protocol used:

  • Virtual Private Networks. CHAP securely authenticates a user or device, ensuring only authorized users access the VPN.
  • Internet Service Providers. Many ISPs use it to authenticate users trying to connect to the internet, especially in dial-up and broadband connections.
  • Remote Server Access. It authenticates users connecting from different locations in business or enterprise environments.
  • Point-to-Point Protocol (PPP). CHAP is a standard authentication method in PPP, a protocol for establishing direct connections between two network nodes.
  • Cloud Services. Some providers use CHAP to check users accessing cloud-based resources.