Definition

CHAP (Challenge-Handshake Authentication Protocol)

Contributor(s): Nico Macdonald

CHAP (Challenge-Handshake Authentication Protocol) is a more secure procedure for connecting to a system than the Password Authentication Procedure (PAP). Here's how CHAP works:

  1. After the link is made, the server sends a challenge message to the connection requestor. The requestor responds with a value obtained by using a one-way hash function.
  2. The server checks the response by comparing it its own calculation of the expected hash value.
  3. If the values match, the authentication is acknowledged; otherwise theconnection is usually terminated.

At any time, the server can request the connected party to send a new challenge message. Because CHAP identifiers are changed frequently and because authentication can be requested by the server at any time, CHAP provides more security than PAP. RFC1334 defines both CHAP and PAP.

This was last updated in June 2005

Next Steps

The multitude of authentication protocols can make any anyone’s head spin. Learning the difference between EAP and LEAP or WPA2 and Cisco’s LEAP security will help IT pros make the best decision. As products like vSphere support changes with the iSCI initiator authentication and CHAP or security pros learn what they need to know with Hyper-V high availability storage, understanding the authentication protocols will help keep their enterprise safe.

To read more about authentication protocols like multifactor authentication, you can get started by reading a primer on multifactor authentication in the enterprise. Then read our deep dive into MFA tools to get the inside scoop on the product landscape, and, finally, read about how to build a business case for MFA.

Continue Reading About CHAP (Challenge-Handshake Authentication Protocol)

Dig Deeper on Web Authentication and Access Control

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

same explanation as Cisco, vague, and doesn't help.
Cancel

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close