CHAP Authentication Process

• RAS sends a random “challenge” string and its name to dialup client

• Client looks up server name, finds the password, and calculates a hash (e.g., MD5) of the concatenation of

• • Challenge
  • Password

• Client sends hash and its userid to RAS

• RAS calculates the same MD5 hash using the concatenation of

• • Challenge string
  • Password for the client’s identity

• If hashes match,client is authenticated (success)

• • If not, client is rejected (failure)