Incomputing, theChallenge-Handshake Authentication Protocol (CHAP) is anauthentication protocol originally used byPoint-to-Point Protocol (PPP) to validate users. CHAP is also carried in other authentication protocols such asRADIUS andDiameter.
Almost allnetwork operating systems support PPP with CHAP, as do mostnetwork access servers. CHAP is also used inPPPoE, for authenticating DSL users.
As the PPP sends data unencrypted and "in the clear", CHAP is vulnerable to any attacker who can observe the PPP session. An attacker can see the user's name, CHAP challenge, CHAP response, and any other information associated with the PPP session. The attacker can then mount an offlinedictionary attack in order to obtain the original password. When used in PPP, CHAP also provides protection againstreplay attacks by the peer through the use of a challenge which is generated by the authenticator, which is typically anetwork access server.
Where CHAP is used in other protocols, it may be sent in the clear, or it may be protected by a security layer such asTransport Layer Security (TLS). For example, when CHAP is sent overRADIUS usingUser Datagram Protocol (UDP), any attacker who can see the RADIUS packets can mount an offlinedictionary attack, as with PPP.
CHAP requires that both the client and server know the clear-text version of the password, although the password itself is never sent over the network. Thus when used in PPP, CHAP provides better security as compared toPassword Authentication Protocol (PAP) which is vulnerable for both these reasons.
When the peer sends CHAP, the authentication server will receive it, and obtain the "known good" password from a database, and perform the CHAP calculations. If the resulting hashes match, then the user is deemed to be authenticated. If the hashes do not match, then the user's authentication attempt is rejected.
Since the authentication server has to store the password in clear-text, it is impossible to use differentformats for the stored password. If an attacker were to steal the entire database of passwords, all of those passwords would be visible "in the clear" in the database.
As a result, while CHAP can be more secure than PAP when used over a PPP link, it prevents more secure storage "at rest" than with other methods such asPAP.
MS-CHAP is similar to CHAP but uses a different hash algorithm, and allows for each party to authenticate the other.
CHAP is an authentication scheme originally used byPoint-to-Point Protocol (PPP) servers to validate the identity of remote clients. CHAP periodically verifies the identity of theclient by using athree-way handshake. This happens at the time of establishing the initiallink (LCP), and may happen again at any time afterwards. The verification is based on ashared secret (such as the client's password).[1]
| Description | 1 byte | 1 byte | 2 bytes | 1 byte | Variable | Variable |
|---|---|---|---|---|---|---|
| Challenge | Code = 1 | ID | Length | Challenge length | Challenge value | Name |
| Response | Code = 2 | ID | Length | Response length | Response value | Name |
| Success | Code = 3 | ID | Length | Message | ||
| Failure | Code = 4 | ID | Length | Message |
The ID chosen for the random challenge is also used in the corresponding response, success, and failure packets. A new challenge with a new ID must be different from the last challenge with another ID. If the success or failure is lost, the same response can be sent again, and it triggers the same success or failure indication. ForMD5 as hash the response value isMD5(ID||secret||challenge), the MD5 for the concatenation of ID, secret, and challenge.[2]
