(
Challenge
Handshake
Authentication
Protocol) An access control protocol for dialing into a network that provides a moderate degree of security. When the client logs onto the network, the network access server (NAS) sends the client a random value (the challenge). The client encrypts the random value with its password, which acts as an encryption key. It then sends the encrypted value to the NAS, which forwards it along with the challenge and username to the authentication server. The CHAP server encrypts the challenge with the password stored in its database for the user and matches its results with the response from the client. If they match, it indicates the client has the correct password, but the password itself never left the client's machine. See
PAP,
EAP,
PPP and
challenge-response.