Editing Challenge-Handshake Authentication Protocol (section)

==Working cycle==
CHAP is an authentication scheme originally used by [[Point-to-Point Protocol]] (PPP) servers to validate the identity of remote clients. CHAP periodically verifies the identity of the [[client (computing)|client]] by using a [[Handshake (computing)|three-way handshake]]. This happens at the time of establishing the initial [[Link Control Protocol|link (LCP)]], and may happen again at any time afterwards. The verification is based on a [[shared secret]] (such as the client's password).<ref name="Forouzan2007">{{cite book|author=Forouzan|title=Data Communications & Networking 4E Sie|url=https://books.google.com/books?id=6HaNKmfBK1oC&pg=PA352|access-date=24 November 2012|year=2007|publisher=McGraw-Hill Education (India) Pvt Limited|isbn=978-0-07-063414-5|pages=352–}}</ref>

# After the completion of the link establishment phase, the authenticator sends a "challenge" message to the peer.
# The peer responds with a value calculated using a [[one-way function|one-way hash function]] on the challenge and the secret combined.
# The authenticator checks the response against its own calculation of the expected hash value. If the values match, the authenticator acknowledges the authentication; otherwise it should terminate the connection.
# In PPP, the authenticator may send a new challenge at random intervals to the peer and repeats steps 1 through 3.  However, when CHAP is used in most situations (e.g. [[RADIUS]]), this step is not performed.