Challenge-Handshake Authentication Protocol: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 02:44, 15 November 2016 edit 139.190.222.135 (talk) →Working cycle ← Previous edit		Latest revision as of 07:44, 28 May 2024 edit undo Sammi Brie (talk \| contribs) Autopatrolled, Extended confirmed users, Page movers, File movers, New page reviewers, Pending changes reviewers, Rollbackers, Template editors, Temporary account IP viewers 159,363 edits Adding local short description: "Authentication protocol to validate users", overriding Wikidata description "authentication protocol for the point-to-point protocol" Tag: Shortdesc helper
(33 intermediate revisions by 25 users not shown)
Line 1: {{Short description\|Authentication protocol to validate users}} In [[computing]], the '''Challenge-Handshake Authentication Protocol''' ('''CHAP''') [[authentication\|authenticates]] a user or network host to an authenticating entity. That entity may be, for example, an [[Internet service provider]]. CHAP is specified in RFC 1994. In [[computing]], the '''Challenge-Handshake Authentication Protocol''' ('''CHAP''') is an [[authentication protocol]] originally used by [[Point-to-Point Protocol]] (PPP) to validate users. CHAP is also carried in other authentication protocols such as [[RADIUS]] and [[Diameter (protocol)\|Diameter]]. Almost all [[network operating system]]s support PPP with CHAP, as do most [[network access server]]s. CHAP is also used in [[PPPoE]], for authenticating DSL users. CHAP provides protection against [[replay attack]]s by the peer through the use of an incrementally changing identifier and of a variable challenge-value. CHAP requires that both the client and server know the plaintext of the secret, although it is never sent over the network. Thus, CHAP provides better security as compared to [[Password Authentication Protocol]] (PAP) which is vulnerable for both these reasons. The [[MS-CHAP]] variant does not require either peer to know the plaintext and does not transmit it, but has been broken.<ref>{{cite web▼ ~~\|url=https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/~~ As the PPP sends data unencrypted and "in the clear", CHAP is vulnerable to any attacker who can observe the PPP session. An attacker can see the user's name, CHAP challenge, CHAP response, and any other information associated with the PPP session. The attacker can then mount an offline [[dictionary attack]] in order to obtain the original password. When used in PPP, CHAP also provides protection against [[replay attack]]s by the peer through the use of a challenge which is generated by the authenticator, which is typically a [[network access server]]. ~~\|title=Divide and Conquer: Cracking MS-CHAPv2 with a 100% success rate~~ ~~\|publisher=[[Defcon\|David Hulton]]~~ Where CHAP is used in other protocols, it may be sent in the clear, or it may be protected by a security layer such as [[Transport Layer Security]] (TLS). For example, when CHAP is sent over [[RADIUS]] using [[User Datagram Protocol]] (UDP), any attacker who can see the RADIUS packets can mount an offline [[dictionary attack]], as with PPP. ~~\|year=2012~~ ~~\|accessdate=2013-03-10}}</ref>~~ ▲~~CHAP provides protection against [[replay attack]]s by the peer through the use of an incrementally changing identifier and of a variable challenge-value.~~ CHAP requires that both the client and server know the ~~plaintext~~clear-text version of the ~~secret~~password, although itthe password itself is never sent over the network. Thus when used in PPP, CHAP provides better security as compared to [[Password Authentication Protocol]] (PAP) which is vulnerable for both these reasons. ~~The [[MS-CHAP]] variant does not require either peer to know the plaintext and does not transmit it, but has been broken.<ref>{{cite web~~ ==Benefits of CHAP== When the peer sends CHAP, the authentication server will receive it, and obtain the "known good" password from a database, and perform the CHAP calculations. If the resulting hashes match, then the user is deemed to be authenticated. If the hashes do not match, then the user's authentication attempt is rejected. Since the authentication server has to store the password in clear-text, it is impossible to use different [[Password#Form of stored passwords\|formats for the stored password]]. If an attacker were to steal the entire database of passwords, all of those passwords would be visible "in the clear" in the database. As a result, while CHAP can be more secure than PAP when used over a PPP link, it prevents more secure storage "at rest" than with other methods such as [[Password authentication protocol\|PAP]]. ==Variants== [[MS-CHAP]] is similar to CHAP but uses a different hash algorithm, and allows for each party to authenticate the other. ==Working cycle== CHAP is an authentication scheme originally used by [[Point -to ~~Point Protocol\|Point to~~ -Point Protocol]] (PPP)]] servers to validate the identity of remote clients. CHAP periodically verifies the identity of the [[client (computing)\|client]] by using a [[~~Handshaking~~Handshake (computing)\|three-way handshake]]. This happens at the time of establishing the initial [[Link Control Protocol\|link (LCP)]], and may happen again at any time afterwards. The verification is based on a [[shared secret]] (such as the client's password).<ref name="Forouzan2007">{{cite book\|author=Forouzan\|title=Data ~~Commn~~Communications & Networking 4E Sie\|url=https://books.google.com/books?id=6HaNKmfBK1oC&pg=PA352\|~~accessdate~~access-date=24 November 2012\|year=2007\|publisher=McGraw-Hill Education (India) Pvt Limited\|isbn=978-0-07-063414-5\|pages=352–}}</ref> # After the completion of the link establishment phase, the authenticator sends a "challenge" message to the peer. # The peer responds with a value calculated using a [[one-way function\|one-way hash function]] on the challenge and the secret combined. # The authenticator checks the response against its own calculation of the expected hash value. If the values match, the authenticator acknowledges the authentication; otherwise it should terminate the connection. # AtIn ~~random intervals~~PPP, the authenticator ~~sends~~may send a new challenge at random intervals to the peer and repeats steps 1 through 3. However, when CHAP is used in most situations (e.g. [[RADIUS]]), this step is not performed. ==CHAP packets== {\| class="wikitable" \|- !Description !1 byte Line 25 ⟶ 36: !1 byte !Variable !Variable ~~!variable~~ \|- \|Challenge Line 31 ⟶ 42: \|ID \|Length \|Challenge ~~Length~~length \|Challenge value \|Name Line 39 ⟶ 50: \|ID \|Length \|Response ~~Length~~length \|Response value \|Name Line 65 ⟶ 76: \|publisher=[[Cisco Systems\|Cisco tech note]] \|year=2005 \|~~accessdate~~access-date=2011-08-14}}</ref> == See also == ~~{{wikibooks \| Network Plus Certification/Security/User Authentication }}~~ * [[List of authentication protocols]] * [[Password Authentication Protocol]] * [[Challenge–response authentication]] * [[Challenge-response test]] * [[Cryptographic hash function]] == References == {{reflist}} ~~<references />~~ == External links == {{wikibooks ~~RFC~~\| ~~1994~~Network ~~PPP~~Plus ~~Challenge Handshake~~Certification/Security/User Authentication ~~Protocol (CHAP)~~}} {{IETF RFC\|1994}} PPP Challenge Handshake Authentication Protocol (CHAP) * RFC 2865 Remote Authentication Dial In User Service ([[RADIUS]]): ''uses [[Password authentication protocol\|PAP]] or CHAP'' * {{IETF RFC\|2865}} ~~3748 Extensible~~Remote Authentication ~~Protocol~~Dial In User Service ([[~~Extensible Authentication Protocol\|EAP~~RADIUS]]): ''~~discusses~~uses [[Password authentication protocol\|PAP]] or CHAP'' * {{IETF RFC\|3748}} Extensible Authentication Protocol ([[Extensible Authentication Protocol\|EAP]]): ''discusses CHAP'' {{Authentication APIs}} Line 86 ⟶ 97: [[Category:Internet protocols]] [[Category:Password authentication]] [[Category:~~Computer access control~~Authentication protocols]]