Challenge Handshake Authentication Protocol
Challenge Handshake Authentication Protocol
(also CHAP)
Challenge Handshake Authentication Protocol definition
The Challenge Handshake Authentication Protocol is a network authentication protocol. It provides secure authentication based on a shared secret and one-way hashing. Think of it as a secret handshake that helps a computer prove who it is to a network or server.
See also: cryptographic hash function, handshake protocol
Here’s how the Challenge Handshake Authentication Protocol works:
- Start of connection. A client tries to connect to a network or server.
- Server’s challenge. The server sends a random code to the client.
- Client’s response. The client mixes their password with the challenge using a hash function and returns the result.
- Server verification. The server does the same mix and compares its result with the client’s response.
- Outcome. If the results match, the server grants access; if not, access is denied.
- Periodic checks. The server occasionally sends new challenges to re-verify the client.
Where is the Challenge Handshake Authentication Protocol used:
- Virtual Private Networks. CHAP securely authenticates a user or device, ensuring only authorized users access the VPN.
- Internet Service Providers. Many ISPs use it to authenticate users trying to connect to the internet, especially in dial-up and broadband connections.
- Remote Server Access. It authenticates users connecting from different locations in business or enterprise environments.
- Point-to-Point Protocol (PPP). CHAP is a standard authentication method in PPP, a protocol for establishing direct connections between two network nodes.
- Cloud Services. Some providers use CHAP to check users accessing cloud-based resources.