CHAP (Challenge-Handshake Authentication Protocol)
- After the link is made, the server sends a challenge message to the connection requestor. The requestor responds with a value obtained by using a one-way hash function.
- The server checks the response by comparing it its own calculation of the expected hash value.
- If the values match, the authentication is acknowledged; otherwise theconnection is usually terminated.
At any time, the server can request the connected party to send a new challenge message. Because CHAP identifiers are changed frequently and because authentication can be requested by the server at any time, CHAP provides more security than PAP. RFC1334 defines both CHAP and PAP.