RFC 1994 (rfc1994) - Page 2 of 12
PPP Challenge Handshake Authentication Protocol (CHAP)
Alternative Format: Original Text Document
RFC 1994 PPP CHAP August 1996
1.2. Terminology
This document frequently uses the following terms:
authenticator
The end of the link requiring the authentication. The
authenticator specifies the authentication protocol to be
used in the Configure-Request during Link Establishment
phase.
peer The other end of the point-to-point link; the end which is
being authenticated by the authenticator.
silently discard
This means the implementation discards the packet without
further processing. The implementation SHOULD provide the
capability of logging the error, including the contents of
the silently discarded packet, and SHOULD record the event
in a statistics counter.
2. Challenge-Handshake Authentication Protocol
The Challenge-Handshake Authentication Protocol (CHAP) is used to
periodically verify the identity of the peer using a 3-way handshake.
This is done upon initial link establishment, and MAY be repeated
anytime after the link has been established.
1. After the Link Establishment phase is complete, the
authenticator sends a "challenge" message to the peer.
2. The peer responds with a value calculated using a "one-way
hash" function.
3. The authenticator checks the response against its own
calculation of the expected hash value. If the values match,
the authentication is acknowledged; otherwise the connection
SHOULD be terminated.
4. At random intervals, the authenticator sends a new challenge to
the peer, and repeats steps 1 to 3.
Simpson