Talk:Challenge-Handshake Authentication Protocol

I moved this page from CHAP, as it doesn't take much imagination to suppose that something else might have the same acronym. --KQ

Also, this page is linked to from Password Authentication Protocol and nowhere else. --KQ

Chap is also A man or boy; a fellow. (http://www.yourdictionary.com/ahd/c/c0243000.html) plus it has other meanings too

From the description of the protocol, it would appear that no secret information such as passwords are needed! I would guess that this line:

"2. The peer responds with a value calculated using a one-way hash function, such as MD5."

should mention that the message sent by the server and the password are both inputs to the hash function in some way? --Birkett 09:18, 30 June 2006 (UTC)[reply]

I agree with Birkett, you should rephrase the sentence as "The peer responds with a value calculated using a one-way hash function based on the shared secret. [Makan]

Question : How is the shared secret shared in the first place ? ie how is CHAP installed on a new computer. At some stage the shared secret needs to pass through the public domain from server to client. Could how this happens be explained here ? MAR 2007 <MJ>

CHAP is used in PPP, main usage of PPP is DSL with PPPoE. The "secret" is (in this case) usally transfered with a classical written letter. The server should receive your identity with the next update (or should poll a db/ldap/...) —Preceding unsigned comment added by 131.159.4.197 (talk) 14:06, 13 May 2008 (UTC)[reply]