The CHAP Authentication Process

The authentication process between two routers occurs as follows:
1. The Challenger sends a Challenge (Type 1) packet to the remote end.
2. The remote end copies the identifier into a new Response (Type 2) packet
along with the hashed secret. The secret (the password) isn’t transmitted, only the hashed value.
3. The Challenger receives the Response packet and checks the received hashed value against
its own hashed secret. If they match, it sends a Success (Type 3) packet back. Otherwise, it
sends a Failure (Type 4) packet back.
Challenge and Response packets have the following fields:
Code: Eight bits; value of 1 for Challenge, or 2 for Response.
Identifier: Eight bits; must be changed every time a challenge is sent.
Value-Size: Eight bits; indicates the length of the Value field.
Value: Variable (eight-bit minimum). The content of this field differs depending on whether
the packet is a Challenge or a Response.
The Challenge value contains the challenge and is a variable stream of octets. The
Challenge value must be changed each time a Challenge is sent. The length of the Challenge
value depends on the method used to generate the octets and is independent of the hash algorithm
used.
The Response value is the one-way hashed response calculated over a stream of octets consisting
of the Identifier, followed by (concatenated with) the “secret,” followed by (concatenated with)
the Challenge value. The length of the Response value depends on the hash algorithm used (16
octets for MD5).
Name: Variable (eight-bit minimum); identifies the system transmitting the packet.
Success (3) and Failure (4) packets have these fields:
• Code
• Identifier (which is copied from Response)
• Length
• Message
The Message field is one or more octets long and contains information that is readable by
humans. By using the debug ppp authentication command, you can see each step that is
taken with the CHAP Challenge and Response fields:
BR0:1 PPP: Treating connection as a callout
BR0:1 PPP: Phase is AUTHENTICATING, by both
BR0:1 CHAP: O CHALLENGE id 1 len 23 from "r2"
BR0:1 CHAP: I CHALLENGE id 1 len 23 from "r3"
BR0:1 CHAP: O RESPONSE id 1 len 23 from "r2"
BR0:1 CHAP: I SUCCESS id 1 len 4
BR0:1 CHAP: I RESPONSE id 1 len 23 from "r3"
BR0:1 CHAP: O SUCCESS id 1 len 4
Figure 26.9 shows the CHAP authentication process.
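The packet layout and Response calculation described above, as an added Python example (not from the original text). The two-octet Length field after the Identifier follows RFC 1994; the shared secret and the 16-octet challenge size are assumptions, chosen so that the packets for the names "r2" and "r3" come out at the 23 octets shown in the debug output.

```python
import hashlib, hmac, os, struct

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4
SECRET = b"constructed-secret"  # sample shared secret, constructed for this example

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """MD5 over Identifier || secret || Challenge value; 16 octets out."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def build(code: int, identifier: int, value: bytes, name: bytes) -> bytes:
    """Challenge/Response: Code, Identifier, Length, Value-Size, Value, Name."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body

def parse(packet: bytes):
    """Return (code, identifier, value, name); reject inconsistent lengths."""
    if len(packet) < 5:
        raise ValueError("truncated CHAP packet")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if code not in (CHALLENGE, RESPONSE) or length > len(packet):
        raise ValueError("bad CHAP header")
    vsize = packet[4]
    if vsize == 0 or 5 + vsize > length:
        raise ValueError("bad Value-Size")
    return code, identifier, packet[5:5 + vsize], packet[5 + vsize:length]

def verify(challenge_pkt: bytes, response_pkt: bytes, secret: bytes) -> int:
    """Challenger side: return SUCCESS or FAILURE for a received Response."""
    _, cid, challenge, _ = parse(challenge_pkt)
    code, rid, value, _ = parse(response_pkt)
    if code != RESPONSE or rid != cid:
        return FAILURE  # Identifier must match the outstanding Challenge
    expected = chap_response(cid, secret, challenge)
    return SUCCESS if hmac.compare_digest(value, expected) else FAILURE

def demo():
    """r2 challenges, r3 responds; returns both packets and the verdict."""
    chal = build(CHALLENGE, 1, os.urandom(16), b"r2")  # 16 octets: assumption
    _, cid, value, _ = parse(chal)
    resp = build(RESPONSE, cid, chap_response(cid, SECRET, value), b"r3")
    return chal, resp, verify(chal, resp, SECRET)

if __name__ == "__main__":
    chal, resp, result = demo()
    print(len(chal), len(resp), result)
```

Because the Identifier and the Challenge value both feed the hash, a captured Response fails verification against any later Challenge, which is why both must change on every challenge.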