CHAP

Challenge Handshake Authentication Protocol (CHAP) is an authentication protocol used to periodically verify the identity of clients. CHAP is used by internet access providers to authenticate users.

The Challenge-Handshake Authentication Protocol (CHAP) verifies the identity of the client using a 3-way handshake procedure.

  1. The authentication agent (typically a network server) sends a "challenge" message to the client. This message contains a random number and an ID value.
  2. The client uses this message together with a shared secret (usually the user name and password) to calculate a so-called hash value.
  3. The authenticator checks the response against its own calculation of the expected hash value. If the values match, the authentication is acknowledged; otherwise the connection should be terminated.

This procedure may be repeated at random intervals after the link has been established. Each time the procedure is repeated, the ID value is increased by one.
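The handshake above as a runnable sketch, using the MD5 calculation that RFC 1994 specifies (hash of the ID octet, the shared secret and the challenge). This is an added example, not part of the original page; the class and function names, the user `alice` and the secret values are constructed for illustration.

```python
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Step 2 (client): MD5(ID octet || shared secret || challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()

class Authenticator:
    def __init__(self, secrets: dict):
        self.secrets = secrets    # user name -> shared secret (constructed data)
        self.identifier = 0
        self.challenge = None

    def new_challenge(self):
        """Step 1: fresh random challenge; the ID goes up by one each round."""
        self.identifier = (self.identifier + 1) % 256   # ID is a single octet
        self.challenge = os.urandom(16)
        return self.identifier, self.challenge

    def verify(self, name: str, identifier: int, response: bytes) -> bool:
        """Step 3: recompute the expected hash and compare in constant time."""
        secret = self.secrets.get(name)
        if secret is None or self.challenge is None or identifier != self.identifier:
            return False
        expected = chap_response(identifier, secret, self.challenge)
        self.challenge = None     # each challenge is accepted at most once
        return hmac.compare_digest(expected, response)

def demo():
    auth = Authenticator({"alice": b"constructed-secret"})

    # Initial authentication: client answers the challenge with the right secret.
    ident, chal = auth.new_challenge()
    first = auth.verify("alice", ident, chap_response(ident, b"constructed-secret", chal))
    stale = chap_response(ident, b"constructed-secret", chal)

    # Repeated authentication: a response from the earlier round no longer matches.
    ident, chal = auth.new_challenge()
    reused = auth.verify("alice", ident, stale)

    # A client that does not hold the shared secret is rejected.
    ident, chal = auth.new_challenge()
    wrong = auth.verify("alice", ident, chap_response(ident, b"bad-guess", chal))
    return first, reused, wrong

if __name__ == "__main__":
    print(demo())
```

The secret itself never crosses the link; only the ID, the challenge and the 16-byte hash do, which is why the authenticator must hold the same secret to recompute the value.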

Using this protocol, the username and password are transmitted in an encrypted form that protects against hackers or other intruders.

CHAP is defined in RFC 1994.



