RFC 1994 (rfc1994) - Page 2 of 12

PPP Challenge Handshake Authentication Protocol (CHAP)

RFC 1994                        PPP CHAP                     August 1996


1.2.  Terminology

   This document frequently uses the following terms:

   authenticator
             The end of the link requiring the authentication.  The
             authenticator specifies the authentication protocol to be
             used in the Configure-Request during Link Establishment
             phase.

   peer      The other end of the point-to-point link; the end which is
             being authenticated by the authenticator.

   silently discard
             This means the implementation discards the packet without
             further processing.  The implementation SHOULD provide the
             capability of logging the error, including the contents of
             the silently discarded packet, and SHOULD record the event
             in a statistics counter.




2.  Challenge-Handshake Authentication Protocol

   The Challenge-Handshake Authentication Protocol (CHAP) is used to
   periodically verify the identity of the peer using a 3-way handshake.
   This is done upon initial link establishment, and MAY be repeated
   anytime after the link has been established.

   1.    After the Link Establishment phase is complete, the
         authenticator sends a "challenge" message to the peer.

   2.    The peer responds with a value calculated using a "one-way
         hash" function.

   3.    The authenticator checks the response against its own
         calculation of the expected hash value.  If the values match,
         the authentication is acknowledged; otherwise the connection
         SHOULD be terminated.

   4.    At random intervals, the authenticator sends a new challenge to
         the peer, and repeats steps 1 to 3.








Simpson