Talk:Challenge-Handshake Authentication Protocol

This is wrong
Chap is also A man or boy; a fellow. (http://www.yourdictionary.com/ahd/c/c0243000.html) plus it has other meanings too hi — Preceding unsigned comment added by 86.21.100.3 (talk) 16:48, 27 May 2013 (UTC)

Secret information
From the description of the protocol, it would appear that no secret information such as passwords are needed! I would guess that this line:

"2. The peer responds with a value calculated using a one-way hash function, such as MD5."

should mention that the message sent by the server and the password are both inputs to the hash function in some way? --Birkett 09:18, 30 June 2006 (UTC)

I agree with Birkett, you should rephrase the sentence as "The peer responds with a value calculated using a one-way hash function based on the shared secret. [Makan]

I agree too. It is not clear otherwise why anyone else cannot compute an MD5 hash, if no shared secret is required. [Siddharth]

Question : How is the shared secret shared in the first place ? ie how is CHAP installed on a new computer. At some stage the shared secret needs to pass through the public domain from server to client. Could how this happens be explained here ? MAR 2007 
 * CHAP is used in PPP, main usage of PPP is DSL with PPPoE. The "secret" is (in this case) usally transfered with a classical written letter. The server should receive your identity with the next update (or should poll a db/ldap/...) —Preceding unsigned comment added by 131.159.4.197 (talk) 14:06, 13 May 2008 (UTC)
 * A shared secret key is often called a "Pre-Shared Key" (PSK), in terms that both parts previously agree on a common secret, and share it off-band.Zekkerj (talk) 05:14, 24 July 2009 (UTC)

Move
Please move to Challenge-Handshake Authentication Protocol.

Requested move
Challenge-handshake authentication protocol → Challenge-Handshake Authentication Protocol – I moved this page from CHAP, as it doesn't take much imagination to suppose that something else might have the same acronym. --KQ 23:41, 25 May 2011 (UTC)

Also, this page is linked to from Password Authentication Protocol and nowhere else. --KQ
 * The capitalization change seems uncontroversial. I've asked for the redirect to be deleted so that the move can be made.--Kotniski (talk) 11:36, 2 June 2011 (UTC)

External links modified
Hello fellow Wikipedians,

I have just modified one external link on Challenge-Handshake Authentication Protocol. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
 * Added archive https://web.archive.org/web/20160316174007/https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/ to https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

Cheers.— InternetArchiveBot  (Report bug) 06:20, 27 July 2017 (UTC)