Challenge-response protocol in which the recipient of the challenge can
generate a valid response only if it is who it claims to be. The challenge must
change continuously, without repetition, to prevent replay attacks.
An authentication protocol
where the Verifier sends the Claimant a challenge (usually a random value or a
nonce) that the Claimant combines with a secret (such as by hashing the
challenge and a shared secret together, or by applying a private key operation
to the challenge) to generate a response that is sent to the Verifier. The
Verifier can independently verify the response generated by the Claimant (such
as by re-computing the hash of the challenge and the shared secret and
comparing to the response, or performing a public key operation on the
response) and establish that the Claimant possesses and controls the secret. [NIST-SP800-63:2013]
(I) A peer entity
authentication method (employed by PPP and other protocols, e.g., RFC 3720)
that uses a randomly generated challenge and requires a matching response that
depends on a cryptographic hash of some combination of the challenge and a
secret key. [R1994] (See: challenge-response, PAP.) [RFC4949:2007]
A three-way authentication
protocol defined in RFC 1994. [ISO-18028-4:2005]
A type of authentication
where the person logging in uses secret information and some special
mathematical operations to come up with a number value. The server he or she is
logging into knows the same secret value and performs the same mathematical
operations. If the results match, the person is authorized to access the
server. One of the numbers in the mathematical operation is changed after every
log-in, to protect against an intruder secretly copying a valid authentication
session and replaying it later to log in.
http://www.watchguard.com/glossary/
The Challenge-Handshake
Authentication Protocol uses a challenge/response authentication mechanism
where the response varies with every challenge to prevent replay attacks.
http://www.sans.org/security-resources/glossary-of-terms/
An authentication protocol based on the challenge/response mechanism, CHAP
allows a server to authenticate a client that holds a shared secret without
transmitting that secret (and in this sense improves on the PAP protocol). CHAP
proceeds in three steps:
· The server sends the challenge to the client.
· The client uses a one-way hash function to construct the response, which it
sends back to the server.
· The server performs the same operation and compares the two results. A match
establishes authenticity.
Periodically, these three steps are repeated in order to guarantee the identity
of the parties.
CHAP implements an anti-replay service.
CHAP does not provide mutual authentication (the server is not authenticated by
the client).
http://securit.free.fr/glossaire.htm
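The three-step CHAP exchange described above, written out in Python as an added example (it is not code from any of the glossary sources cited on this page). The response is computed the way RFC 1994 specifies for CHAP with MD5, a hash over the one-octet Identifier, the shared secret and the Challenge Value; the verifier side adds the check that each issued challenge is accepted at most once, which is the anti-replay property the definitions describe. The shared secret and the wrong secret are constructed values for the demonstration; the class and function names are this example's own.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: the Response Value is the MD5 hash over the
    one-octet Identifier, followed by the secret, followed by the Challenge Value."""
    if not 0 <= identifier <= 255:
        raise ValueError("CHAP Identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


@dataclass
class Verifier:
    """Server side: issues fresh random challenges and accepts each one at most once."""
    secret: bytes                                      # shared secret, never sent on the wire
    next_id: int = 1                                   # Identifier of the next Challenge packet
    outstanding: dict = field(default_factory=dict)    # Identifier -> challenge awaiting a response

    def issue_challenge(self) -> tuple[int, bytes]:
        identifier = self.next_id
        self.next_id = (self.next_id + 1) % 256
        challenge = secrets.token_bytes(16)            # fresh random value, never repeated
        self.outstanding[identifier] = challenge
        return identifier, challenge

    def verify(self, identifier: int, response: bytes) -> bool:
        # pop() consumes the challenge: a replayed (identifier, response) pair
        # finds nothing left to match against and is refused
        challenge = self.outstanding.pop(identifier, None)
        if challenge is None:
            return False
        expected = chap_response(identifier, self.secret, challenge)
        return hmac.compare_digest(expected, response)  # constant-time comparison


def claimant_respond(identifier: int, challenge: bytes, secret: bytes) -> bytes:
    """Client side: combine the challenge with the secret via the one-way hash."""
    return chap_response(identifier, secret, challenge)


def demo() -> dict:
    shared = b"constructed-shared-secret"           # constructed value for the demo
    server = Verifier(secret=shared)

    # Step 1: server sends the challenge. Step 2: client hashes it with the secret.
    # Step 3: server recomputes the hash and compares.
    ident, challenge = server.issue_challenge()
    response = claimant_respond(ident, challenge, shared)
    genuine = server.verify(ident, response)

    # A captured (ident, response) pair presented again later is refused:
    # the challenge was consumed by the first verification.
    replayed = server.verify(ident, response)

    # A client holding the wrong secret cannot produce a matching response.
    ident2, challenge2 = server.issue_challenge()
    wrong = server.verify(ident2, claimant_respond(ident2, challenge2, b"wrong-secret"))

    return {"genuine": genuine, "replayed": replayed, "wrong_secret": wrong}


if __name__ == "__main__":
    print(demo())  # {'genuine': True, 'replayed': False, 'wrong_secret': False}
```

The secret itself never crosses the wire; only the challenge and the hash do. Two verifier-side details carry the security properties the definitions mention: the challenge is removed from the outstanding table the moment it is checked, so a recorded response cannot be reused, and the comparison is constant-time so the verifier does not leak how many bytes of a guessed response were correct.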