Posted on 11/29/2014 10:31:03 PM

CHAP: Challenge Handshake Authentication Protocol

The Challenge Handshake Authentication Protocol (CHAP) periodically verifies the identity of the peer using a three-way handshake. This is done when the link is first established and can be repeated at any time after the link is established.

1. After the link establishment phase is over, the authenticator sends a "challenge" message to the peer.
2. The peer responds with a value calculated using a one-way hash function.
3. The authenticator checks the response against its own calculation of the hash value. If the values match, the authentication is acknowledged; otherwise, the connection should be terminated.
4. At random intervals, the authenticator sends a new challenge to the peer and repeats steps 1 through 3.

CHAP protects against replay attacks by using an incrementally changing identifier and a variable challenge value, and the repeated checks limit the time of exposure to any single attack. The authenticator controls the frequency and timing of the checks.

This authentication method relies on a key shared only by the authenticator and the peer; the key is not sent over the link. Although the authentication is one-way, by negotiating CHAP in both directions the same key can easily be used for mutual authentication. Since CHAP may be used to authenticate many different systems, the NAME field can serve as an index to find the correct key in a large key table. This also makes it possible to support multiple NAME/key pairs in one system and to change keys at any time during a session.

CHAP requires that the key be available in plaintext, so the usual databases of irreversibly encrypted passwords cannot be used. CHAP is not applicable in large networks because every possible key is maintained by both ends of the link.

Protocol structure

The configuration option for CHAP is formatted as follows:

  Field:         Type   Length   Authentication-Protocol   Algorithm
  Ends at bit:   8      16       32                        40

· Type — 3
· Length — 5
· Authentication-Protocol — For CHAP, C223 (hex).
· Algorithm — The Algorithm field is one octet and indicates the authentication method used.

The CHAP packet structure looks like this:

  Field:         Code   Identifier   Length   Data ...
  Ends at bit:   8      16           32       variable

· Code — Identifies the CHAP packet type. CHAP codes have the following types: 1. Challenge; 2. Response; 3. Success; 4. Failure.
· Identifier — Used to match challenges, responses and replies.
· Length — The length of the CHAP packet, including the Code, Identifier, Length and Data fields.
· Data — Zero or more octets. The format of the Data field depends on the Code field. For Success and Failure, the Data field includes a variable information field that performs independently
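
The handshake and packet layout described above, as an added example that is not part of the original post: it builds and parses Challenge/Response packets and runs the authenticator's check, including the Length validation and the Identifier match that rejects a stale response. The MD5 hash and the Value-Size/Value/Name layout of the Data field are taken from RFC 1994 and are not spelled out in the post; the function names and the key table are made up for illustration.

```python
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4  # Code values listed above
KEYS = {b"peer1": b"constructed-shared-key"}  # constructed Name -> key table

def build(code, ident, value, name):
    data = bytes([len(value)]) + value + name  # Data: Value-Size, Value, Name
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data

def parse(packet):
    """Return (code, ident, value, name); raise ValueError on bad lengths."""
    if len(packet) < 5:
        raise ValueError("packet too short")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 5 <= length <= len(packet):
        raise ValueError("bad Length field")
    data = packet[4:length]  # octets beyond Length are ignored
    size = data[0]
    if size == 0 or 1 + size > len(data):
        raise ValueError("bad Value-Size")
    return code, ident, data[1:1 + size], data[1 + size:]

def chap_md5(ident, secret, challenge):
    """Assumed algorithm: MD5 over Identifier, shared key, challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def new_challenge(ident, name):
    value = os.urandom(16)  # fresh, unpredictable value for every challenge
    return value, build(CHALLENGE, ident, value, name)

def respond(challenge_packet, secret, name):
    """Peer side: answer a Challenge with the hash value."""
    code, ident, value, _ = parse(challenge_packet)
    if code != CHALLENGE:
        raise ValueError("not a Challenge")
    return build(RESPONSE, ident, chap_md5(ident, secret, value), name)

def verify(response_packet, ident, challenge, keys):
    """Authenticator side: find the key by Name, recompute, compare."""
    try:
        code, rid, value, name = parse(response_packet)
        expected = chap_md5(ident, keys[name], challenge)
    except (ValueError, KeyError):
        return FAILURE
    ok = code == RESPONSE and rid == ident and hmac.compare_digest(value, expected)
    return SUCCESS if ok else FAILURE
```

The authenticator passes verify() the Identifier and challenge value it last sent, so a response captured from an earlier round fails on either the Identifier or the hash.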