Revision as of 02:56, 17 April 2022 edit Cherkash (talk \| contribs) Extended confirmed users 30,408 edits mNo edit summary ← Previous edit		Revision as of 03:35, 2 May 2022 edit undo 174.69.109.162 (talk) →Benefits of CHAP: typo correct Next edit →
Line 12: When the peer sends CHAP, the authentication server will receive it, and obtain the "known good" password from a database, and perform the CHAP calculations. If the resulting hashes match, then the user is deemed to be authenticated. If the hashes do not match, then the users authentication attempt is rejected. Since the authentication server has to store the password in clear-text, it is impossible to ~~user~~use different [[Password#Form_of_stored_passwords\|formats for the stored password]]. If an attacker were to steal the entire database of passwords, all of those passwords would be visible "in the clear" in the database. As a result, while CHAP can be more secure than PAP when used over a PPP link, it prevents more secure storage "at rest" than with other methods such as [[Password authentication protocol\|PAP]].

Challenge-Handshake Authentication Protocol: Difference between revisions