Will CHAP perform re-challenge after a period of time

Answered Question
Jun 17th, 2010

Hi,

I would like to know: will CHAP perform a re-challenge of the hash value after a period of time?

For example, initially the link is up after the first authentication... Will it perform a periodic challenge? If yes, how long is it?

Thanks..

Correct Answer by Hitesh Vinzoda about 6 years 5 months ago

Hi,

RFC 1994 states as below:

Challenge-Handshake Authentication Protocol

   The Challenge-Handshake Authentication Protocol (CHAP) is used to
   periodically verify the identity of the peer using a 3-way handshake.
   This is done upon initial link establishment, and MAY be repeated
   anytime after the link has been established.

   1.    After the Link Establishment phase is complete, the
         authenticator sends a "challenge" message to the peer.

   2.    The peer responds with a value calculated using a "one-way
         hash" function.

   3.    The authenticator checks the response against its own
         calculation of the expected hash value.  If the values match,
         the authentication is acknowledged; otherwise the connection
         SHOULD be terminated.

   4.    At random intervals, the authenticator sends a new challenge to
         the peer, and repeats steps 1 to 3.

But it doesn't specify the time interval; it says random intervals...

HTH

Hitesh Vinzoda

Pls rate useful posts

Overall Rating: 5 (1 ratings)
Correct Answer
Hitesh Vinzoda Thu, 06/17/2010 - 22:41

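The handshake and re-challenge from the quoted RFC 1994 text, as an added example that is not part of the original thread. It shows why a re-challenge defeats replay of an earlier response: each challenge carries a changed Identifier and a fresh random value, and the response is MD5 over Identifier, secret and challenge. The class and function names, the secret, and the 300 to 900 second window are assumptions made for illustration; RFC 1994 fixes no interval.

```python
import hashlib
import hmac
import os
import secrets

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994: one-way hash over Identifier || secret || Challenge Value (MD5 for CHAP).
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Authenticator:
    def __init__(self, secret: bytes, min_s: int = 300, max_s: int = 900):
        self.secret = secret
        self.min_s, self.max_s = min_s, max_s  # assumed bounds, not taken from the RFC
        self.identifier = secrets.randbelow(256)
        self.challenge = b""

    def new_challenge(self):
        # Every challenge gets a changed Identifier and a fresh unpredictable value.
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)
        return self.identifier, self.challenge

    def verify(self, identifier: int, response: bytes) -> bool:
        # Only a response to the outstanding challenge can match.
        if not self.challenge or identifier != self.identifier:
            return False
        expected = chap_response(self.identifier, self.secret, self.challenge)
        return hmac.compare_digest(expected, response)

    def next_rechallenge_delay(self) -> int:
        # Step 4: pick a random interval (seconds) before the next challenge.
        return self.min_s + secrets.randbelow(self.max_s - self.min_s + 1)

def demo():
    secret = b"constructed-shared-secret"          # constructed sample value
    auth = Authenticator(secret)
    ident1, chal1 = auth.new_challenge()           # step 1: initial challenge
    resp1 = chap_response(ident1, secret, chal1)   # step 2: peer's response
    first_ok = auth.verify(ident1, resp1)          # step 3: authenticator checks
    delay = auth.next_rechallenge_delay()
    ident2, chal2 = auth.new_challenge()           # step 4: re-challenge
    replay_ok = auth.verify(ident1, resp1)         # old response replayed as-is
    stale_ok = auth.verify(ident2, resp1)          # old hash under the new Identifier
    fresh_ok = auth.verify(ident2, chap_response(ident2, secret, chal2))
    wrong_ok = auth.verify(ident2, chap_response(ident2, b"wrong", chal2))
    return first_ok, replay_ok, stale_ok, fresh_ok, wrong_ok, delay

if __name__ == "__main__":
    print(demo())
```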