Challenge Handshake Authentication Protocol
, or CHAP
, is one of two authentication protocols supported by PPP
. Similar to PAP
, CHAP is works with Link Control Protocol
to authenticate a connection
after the link establishment
phase. Unlike its counterpart
, however, CHAP constantly rechecks the validity of the connecting host
to protect against unauthorized access.
CHAP packets use a challenge
system, meaning that authenticators transmit a challenge packet
continuously until the connecting system responds with a packet containing a response
. If this message contains a correct value, calculated using a hash
function, the authenticator sends back a success
packet. If not, the connection fails.
A CHAP packet header
consists of 40 bit
s, composed of the following fields:
: The code field determines the function of the CHAP packet. Possible values are as follows:
1 - Challenge
2 - Response
3 - Success
4 - Failure
: The identifier field contains the actual information that determines whether or not a host will authorize the connection and allow it to take place.
: The length field is the total size of the packet, including the data field that follows the CHAP header.
The CHAP specification is fully defined in RFC 1994