CHAP and MS-CHAP

CHAP and MS-CHAP are network authentication protocols. The Challenge Handshake Authentication Protocol (CHAP, described in RFC 1994) and the Microsoft version, MS-CHAP (RFC 2433), are used for remote authentication. These protocols use a password hash to encrypt a challenge string. The remote access server uses the password hash from its account database to encrypt the same challenge string, and then compares the two results. If they are the same, the user is authenticated and granted access.

Functions of CHAP and MS-CHAP:

CHAP requires that the password be stored in reversibly encrypted text. This is considered to be less secure than one-way encryption, since decryption is possible. MS-CHAP does not require that the password be stored as reversibly encrypted text; instead, the MD4 hash of the password is stored. MD4 is a one-way algorithm: once hashed, the password cannot be decrypted.
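The challenge/response comparison and the storage requirement described above, as an added Python example that is not part of the original page. It follows the RFC 1994 response calculation (MD5 over identifier, secret and challenge); the Authenticator class, the user name and the password are constructed for illustration.

```python
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994: Response = MD5(Identifier || secret || Challenge)
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Authenticator:
    """Server side (hypothetical class); secrets_db maps user -> stored secret."""
    def __init__(self, secrets_db: dict):
        self.secrets_db = secrets_db
        self.pending = {}      # user -> (identifier, challenge) awaiting a response
        self.next_id = 0

    def issue_challenge(self, user: str):
        # A fresh random challenge and a changing identifier per attempt mean
        # a captured response is useless against the next challenge.
        self.next_id = (self.next_id + 1) % 256
        challenge = os.urandom(16)
        self.pending[user] = (self.next_id, challenge)
        return self.next_id, challenge

    def verify(self, user: str, response: bytes) -> bool:
        # Each challenge is single-use: it is removed whether or not it verifies.
        ident, challenge = self.pending.pop(user, (None, None))
        secret = self.secrets_db.get(user)
        if challenge is None or secret is None:
            return False
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare

def demo():
    password = b"correct horse"                      # constructed sample secret
    server = Authenticator({"alice": password})
    ident, chal = server.issue_challenge("alice")
    good = chap_response(ident, password, chal)      # computed by the client
    ok = server.verify("alice", good)
    server.issue_challenge("alice")                  # new attempt, new challenge
    replay = server.verify("alice", good)            # old response replayed
    # A server that kept only a one-way hash of the password cannot rebuild
    # the expected response, which is why CHAP needs a recoverable secret.
    hashed_only = Authenticator({"alice": hashlib.sha256(password).digest()})
    ident2, chal2 = hashed_only.issue_challenge("alice")
    hash_ok = hashed_only.verify("alice", chap_response(ident2, password, chal2))
    return ok, replay, hash_ok

if __name__ == "__main__":
    print(demo())
```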

In addition to more secure storage of credentials, MS-CHAPv2 (RFC 2759) requires mutual authentication: the user must authenticate to the server, and the server must also prove its identity. To do so, the server encrypts a challenge sent by the client. Since the server uses the client's password to do so, and only a server that holds the account database in which the client has a password could do so, the client is assured that it is talking to a valid remote access server. This is a stronger algorithm.
