Challenge Handshake Authentication Protocol (CHAP) is a three way handshake protocol which is considered more secure than PAP. Authentication Protocol. The client and the server share a secret such as a password to help verify the client identification. The three way handshake is done when the initial link is established but it may be done other times after the link is established.

Challenge Handshake Authentication Protocol (CHAP) is defined by RFC 1994

According to RFC 1994, the challenge handshake works as follows:

  1. The authenticator sends a "challenge" message to the client.
  2. The client calculates a one-way hash on the challenge value using a shared secret and sends it to the authenticator.
  3. The authenticator checks the response against its own calculation of the expected hash value based on the shared secret. If the values match, the authentication is successful and acknowledged by the authenticator. If the values do not match the connection is terminated.