Why is CHAP resistant to replay attacksSolutionCHAP means Ch

Why is CHAP resistant to replay attacks?

Solution

CHAP means Challenge-Handshake Authentication Protoco.It is a secure procedure for connecting to a system than the Password Authentication Procedure (PAP).

CHAP works as:

1.When the the link is made, the server sends a challenge message to the connection requestor,noe the requestor responds with a value obtained by using a one-way hash function.

2.Then the server checks the response by comparing it its own calculation of the expected hash value.

3.If its values match, the authentication is acknowledged; otherwise the connection is usually terminated.

At any time, the server can request the connected party to send a new challenge message. Because CHAP identifiers are changed frequently and because authentication can be requested by the server at any time, CHAP provides more security than PAP. RFC1334 defines both CHAP and PAP.

CHAP keeps sending various challenges to the client (user) throughout the session to verify that only an authorized person is logged in.

The main advantages of the scheme are as follows:

a)It solves the problem of logged in but unattended systems.

b) Also, the password no more travels in clear but in encrypted form thus solving the problem of packet sniffing or eavesdropping.

CHAP provides protection against replay attacks by the peer through the use of an incrementally changing identifier and of a variable challenge-value. CHAP requires that both the client and server know the plain text of the secret, although it is never sent over the network. Thus, CHAP provides better security as compared to Password Authentication Protocol (PAP) which is vulnerable for both these reasons