What Is CHAP? - Security Wiki - Double Octopus

🚀 We’re excited to welcome Dan Warmenhoven, former CEO of NetApp, to our Board of Directors!

• LinkedIn
• Twitter
• YouTube
• Vimeo

Search Categories

• Home
• Authentication
  • FIDO2 Authentication Standard
  • Token-Based Authentication
  • OTP, HOTP and TOTP
  • Shared Accounts
  • Passwordless
  • Ticket Granting Tickets
  • Out of Band Authentication
  • Risk Based Authentication
  • Universal 2nd Factor
  • Biometric Authentication
  • Adaptive Authentication
  • Time Based One Time Password
  • Push Notification Authentication
  • Privileged Access Management
  • Key Distribution Center
  • Smart Card Authentication
  • Step Up Authentication
  • Active Directory
  • What is Two-Factor Authentication
  • Single-Factor Authentication
  • Multi Factor Authentication (MFA)
• Cloud Services
  • Security as a Service
  • Infrastructure as a Service
• Digital Certificates
  • Certificate Authority
  • Public key infrastructure
• Encryption & Cryptography
  • Pretty Good Privacy
  • Elliptic Curve Digital Signature Algorithm
  • Diffie Hellman Algorithm
  • Cryptographic Hash Function
  • End-to-End-Encryption
  • Salted Secure Hash Algorithm
  • Pairing Based Cryptography
  • Identity Based Encryption
  • Secret Sharing
  • Quantum Cryptography
  • Advanced Encryption Standard
  • Symmetric Key Cryptography
• Federation and SSO
  • Active Directory Federation Services
  • Security Assertion Markup Language
  • Single Sign On
  • Federated Identity Management
  • Federated Identity
• Identity & access management
  • Shoulder Surfing
  • Token-Based Authentication
  • Identity Governance
  • Identity as a Service
  • Security Information and Event Management
  • Active Directory Certificate Services
  • Web Authentication
  • Identity sprawl
  • Identity and Access Management
• Network Architecture
  • Virtual Desktop
  • Virtual Machine
  • Mobile Device Management
  • Stateless Authentication
  • Stateful Cloud
  • Stateless Cloud
  • Demilitarized Zone
  • Zero Trust
  • Virtual Private Network
• Protocol
  • FIDO2 Authentication Standard
  • Pretty Good Privacy
  • Secure Shell (SSH)
  • FIDO – Fast Identity Online
  • Client to Authenticator Protocol
  • Extensible Authentication Protocol
  • Secure, Quick, Reliable Login
  • Open Authorization
  • Internet Key Exchange
  • NT LAN Manager
  • System for Cross-Domain Identity Management
  • Challenge Handshake Authentication Protocol
  • Salted Challenge Response Authentication Mechanism
  • Key Agreement Protocol
  • Trust on First Use
  • Simple Object Access Protocol
  • Representational State Transfer
  • Zero Knowledge Proof
  • Kerberos
  • Lightweight Directory Access Protocol
  • Secure Socket Shell
• Regulations
  • Payment Services Directive
  • Defense Federal Acquisition Regulations Supplement
  • National Institute of Standards and Technology
  • Center of Internet Security Controllers
  • Health Insurance Portability and Accountability Act
  • Payment Card Industry Data Security Standard
  • General Data Protection Regulation
• Threats and Tools
  • Shoulder Surfing
  • Phishing Attacks
  • Brute-force Attack
  • Corporate Account Takeover
  • Credential Stuffing
  • Golden TicketKey Distribution Service
  • Advanced Persistent Threat
  • Address Resolution Protocol Poisoning
  • Man-in-the-Browser Attack
  • Password Spraying
  • Meterpreter
  • HTTPS spoofing
  • Session Hijacking
  • Wi-Fi Eavesdropping
  • Email hijacking
  • SSL Stripping
  • DNS spoofing
  • IP spoofing
  • Mimikatz
  • Man in the Middle Attack

Home > Wikis > Protocol > Challenge Handshake Authentication Protocol

Categories

• Home
• Authentication
  • FIDO2 Authentication Standard
  • Token-Based Authentication
  • OTP, HOTP and TOTP
  • Shared Accounts
  • Passwordless
  • Ticket Granting Tickets
  • Out of Band Authentication
  • Risk Based Authentication
  • Universal 2nd Factor
  • Biometric Authentication
  • Adaptive Authentication
  • Time Based One Time Password
  • Push Notification Authentication
  • Privileged Access Management
  • Key Distribution Center
  • Smart Card Authentication
  • Step Up Authentication
  • Active Directory
  • What is Two-Factor Authentication
  • Single-Factor Authentication
  • Multi Factor Authentication (MFA)
• Cloud Services
  • Security as a Service
  • Infrastructure as a Service
• Digital Certificates
  • Certificate Authority
  • Public key infrastructure
• Encryption & Cryptography
  • Pretty Good Privacy
  • Elliptic Curve Digital Signature Algorithm
  • Diffie Hellman Algorithm
  • Cryptographic Hash Function
  • End-to-End-Encryption
  • Salted Secure Hash Algorithm
  • Pairing Based Cryptography
  • Identity Based Encryption
  • Secret Sharing
  • Quantum Cryptography
  • Advanced Encryption Standard
  • Symmetric Key Cryptography
• Federation and SSO
  • Active Directory Federation Services
  • Security Assertion Markup Language
  • Single Sign On
  • Federated Identity Management
  • Federated Identity
• Identity & access management
  • Shoulder Surfing
  • Token-Based Authentication
  • Identity Governance
  • Identity as a Service
  • Security Information and Event Management
  • Active Directory Certificate Services
  • Web Authentication
  • Identity sprawl
  • Identity and Access Management
• Network Architecture
  • Virtual Desktop
  • Virtual Machine
  • Mobile Device Management
  • Stateless Authentication
  • Stateful Cloud
  • Stateless Cloud
  • Demilitarized Zone
  • Zero Trust
  • Virtual Private Network
• Protocol
  • FIDO2 Authentication Standard
  • Pretty Good Privacy
  • Secure Shell (SSH)
  • FIDO – Fast Identity Online
  • Client to Authenticator Protocol
  • Extensible Authentication Protocol
  • Secure, Quick, Reliable Login
  • Open Authorization
  • Internet Key Exchange
  • NT LAN Manager
  • System for Cross-Domain Identity Management
  • Challenge Handshake Authentication Protocol
  • Salted Challenge Response Authentication Mechanism
  • Key Agreement Protocol
  • Trust on First Use
  • Simple Object Access Protocol
  • Representational State Transfer
  • Zero Knowledge Proof
  • Kerberos
  • Lightweight Directory Access Protocol
  • Secure Socket Shell
• Regulations
  • Payment Services Directive
  • Defense Federal Acquisition Regulations Supplement
  • National Institute of Standards and Technology
  • Center of Internet Security Controllers
  • Health Insurance Portability and Accountability Act
  • Payment Card Industry Data Security Standard
  • General Data Protection Regulation
• Threats and Tools
  • Shoulder Surfing
  • Phishing Attacks
  • Brute-force Attack
  • Corporate Account Takeover
  • Credential Stuffing
  • Golden TicketKey Distribution Service
  • Advanced Persistent Threat
  • Address Resolution Protocol Poisoning
  • Man-in-the-Browser Attack
  • Password Spraying
  • Meterpreter
  • HTTPS spoofing
  • Session Hijacking
  • Wi-Fi Eavesdropping
  • Email hijacking
  • SSL Stripping
  • DNS spoofing
  • IP spoofing
  • Mimikatz
  • Man in the Middle Attack

Challenge Handshake Authentication Protocol

Challenge-Handshake Authentication Protocol (CHAP) is an identity verification protocol that does not rely on sending a shared secret between the access-requesting party and the identity-verifying party (the authenticator). CHAP is based on a shared secret, but in order to authenticate, the authenticator sends a “challenge” message to the access-requesting party, which responds with a value calculated using a “one-way hash” function that takes as inputs the challenge and the shared secret. The authenticator checks the response against its own calculation of the expected hash value.  If the values match, the authentication succeeds, otherwise it fails.  Following the establishment of an authenticated connection, the authenticator may send a challenge to the access-requesting party at random intervals, to which the access-requesting party will have to produce the correct response.

CHAP has built in measures to protect against playback attack by requiring the access-requesting party to use an incrementally changing identifier and a variable challenge value. The authenticator is in control of the frequency and timing of the challenges. The use of repeated challenges is intended to limit the time of exposure to any single attack.

X Report

Passwordless Authentication for the Workforce

Learn why Octopus is the industry's best-in-class workforce passwordless solution! DOWNLOAD NOW