CHAP (Challenge-Handshake Authentication Protocol) steps in when two devices connect for the first time, and it uses a shared secret as the authentication mechanism during communication.
This protocol authenticates a user or a server configured by an ISP, and it is specified in RFC 1994.
By using an incrementally changing identifier and a variable challenge value, CHAP provides a stronger defense against attacks than PAP.
CHAP uses the MD5 algorithm to calculate a value that both the remote device and the authenticating system can derive.
With this authentication method, the user ID and password are always sent in encrypted form. PAP offers no such protection, which makes it less secure than CHAP.
The authenticating system can issue multiple identity requests: it sends an identity request to the remote device that is trying to connect to the network.
The remote device responds by sending a value calculated using a common algorithm known by both devices.
The server compares this response with its own calculated response. If the values match, the connection is established; otherwise, the connection is terminated.
How Does CHAP Work?
CHAP was developed for more secure authentication between two devices, and it uses an encrypted query method to send credentials over the network.
In short, it initiates a three-way handshake to verify the client's identity. After the client and server connect using this method, the server sends a test message (the challenge) to the client.
The client combines its password with this test message and sends the result back to the server as a hash packet.
The server then authenticates the packet with this hash value by comparing it with the information in the database.
The CHAP server calculates the same value in the same way, and if it matches the packet sent by the client, the user can access the network.
CHAP also has a variant, MS-CHAP, developed by Microsoft; its latest version is MS-CHAPv2.