Revision as of 13:45, 11 February 2017 edit Eumolpo (talk \| contribs) Extended confirmed users 30,570 edits m orthographic ← Previous edit		Revision as of 01:14, 25 March 2017 edit undo PrimeBOT (talk \| contribs) Bots 2,129,981 edits m convert deprecated magic links to template usage, update CS1 params in templates - BRFA Next edit →
Line 1: In [[computing]], the '''Challenge-Handshake Authentication Protocol''' ('''CHAP''') [[authentication\|authenticates]] a user or network host to an authenticating entity. That entity may be, for example, an [[Internet service provider]]. CHAP is specified in ~~RFC~~{{IETF RFC\|1994}}. CHAP provides protection against [[replay attack]]s by the peer through the use of an incrementally changing identifier and of a variable challenge-value. CHAP requires that both the client and server know the plaintext of the secret, although it is never sent over the network. Thus, CHAP provides better security as compared to [[Password Authentication Protocol]] (PAP) which is vulnerable for both these reasons. The [[MS-CHAP]] variant does not require either peer to know the plaintext and does not transmit it, but has been broken.<ref>{{cite web Line 78: == External links == * ~~RFC~~{{IETF RFC\|1994}} PPP Challenge Handshake Authentication Protocol (CHAP) * ~~RFC~~{{IETF RFC\|2865}} Remote Authentication Dial In User Service ([[RADIUS]]): ''uses [[Password authentication protocol\|PAP]] or CHAP'' * ~~RFC~~{{IETF RFC\|3748}} Extensible Authentication Protocol ([[Extensible Authentication Protocol\|EAP]]): ''discusses CHAP'' {{Authentication APIs}}

Challenge-Handshake Authentication Protocol: Difference between revisions