https://encyclopediaofcybersecurity.com/index.php?action=history&feed=atom&title=Challenge_Handshake_Authentication_Protocol 2026-05-06T13:40:35Z Revision history for this page on the wiki MediaWiki 1.41.1 https://encyclopediaofcybersecurity.com/index.php?title=Challenge_Handshake_Authentication_Protocol&diff=336&oldid=prev 2024-05-09T01:55:10Z

<p>Created page with &quot;== Challenge Handshake Authentication Protocol (CHAP) == The &#039;&#039;&#039;Challenge Handshake Authentication Protocol&#039;&#039;&#039; (CHAP) is an authentication protocol used to verify the identity of a user or client device attempting to connect to a network. CHAP is a secure method that prevents transmission of plaintext passwords over the network. It is commonly used with Point-to-Point Protocol (PPP) connections. === Operation === When a user or client device initiates a connection to...&quot;</p> <p><b>New page</b></p><div>== Challenge Handshake Authentication Protocol (CHAP) ==<br /> <br /> The &#039;&#039;&#039;Challenge Handshake Authentication Protocol&#039;&#039;&#039; (CHAP) is an authentication protocol used to verify the identity of a user or client device attempting to connect to a network. CHAP is a secure method that prevents transmission of plaintext passwords over the network. It is commonly used with Point-to-Point Protocol (PPP) connections.<br /> <br /> === Operation ===<br /> <br /> When a user or client device initiates a connection to a network using PPP, the network access server (NAS) challenges the client to prove its identity. The NAS sends a random string, known as a challenge, to the client. The client combines the challenge with its password using a cryptographic hash function, such as MD5, and sends the result back to the NAS. The NAS independently performs the same calculation using its copy of the client&#039;s password. If the calculated values match, authentication is successful.<br /> <br /> === Security ===<br /> <br /> CHAP provides stronger security compared to plaintext authentication protocols like Password Authentication Protocol (PAP) because it does not transmit passwords over the network. Instead, it uses a cryptographic hash function to verify passwords without exposing them to eavesdropping or password sniffing attacks.<br /> <br /> === Advantages ===<br /> <br /> * CHAP provides stronger security compared to plaintext authentication protocols like PAP.<br /> * It prevents transmission of passwords over the network, reducing the risk of unauthorized access.<br /> <br /> === Disadvantages ===<br /> <br /> * CHAP requires both the client and server to store plaintext copies of the password or an equivalent reversible representation, which poses a security risk if these credentials are compromised.<br /> * It requires more computational resources compared to plaintext authentication protocols.<br /> <br /> === Alternatives ===<br /> <br /> Alternative authentication protocols include Password Authentication Protocol (PAP), which transmits passwords in plaintext, and Extensible Authentication Protocol (EAP), which supports a variety of authentication methods, including more secure mechanisms like Transport Layer Security (TLS) and digital certificates.<br /> <br /> == See Also ==<br /> * [[Point-to-Point_Protocol|Point-to-Point Protocol (PPP)]]<br /> * [[Password_Authentication_Protocol|Password Authentication Protocol (PAP)]]<br /> * [[Extensible_Authentication_Protocol|Extensible Authentication Protocol (EAP)]]<br /> * [[MD5|Message Digest Algorithm 5 (MD5)]]<br /> <br /> == References ==<br /> * [https://tools.ietf.org/html/rfc1994 RFC 1994 - PPP Challenge Handshake Authentication Protocol (CHAP)]<br /> <br /> [[Category:Protocols]]</div>

Ccocrick