
Authentication - Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)


Microsoft developed its own version of CHAP, called MS-CHAP (Microsoft Challenge Handshake Authentication Protocol version 1, sometimes written MS-CHAP-v1), which improves overall security. Indeed, CHAP requires that passwords are transferred in plain text over the network, which is a potential vulnerability. MS-CHAP provides a hash function so that the password is stored on the server as a hash. When the remote machine responds to the challenge, it has to hash the password using the proprietary algorithm.

Unfortunately, the MS-CHAP-v1 protocol suffers from security vulnerabilities related to weaknesses in the proprietary hash function.


Version 2 of MS-CHAP, called MS-CHAP-v2, was defined in January 2000 (RFC 2759). This new version of the protocol defines a so-called "mutual authentication" method, allowing the authentication server and the remote machine to verify each other's identity. The process is as follows:
  • The authentication server sends a verification request (session identifier and a random string) to the remote client.

The remote client responds with:
  • its user name,
  • a hash computed from the random string provided by the authentication server, the session ID and the password,
  • a random string.

The authentication server checks the response from the remote client and in turn sends:
  • a notification of success or failure of the authentication,
  • an encrypted response based on the random string provided by the remote client.

The remote client then verifies this response in turn and, if successful, establishes the connection.
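
The exchange described above can be modelled in a few lines. This is an added example, not code from the original article or from RFC 2759: it uses SHA-256 and HMAC as stand-ins for the MD4, SHA-1 and DES constructions that RFC 2759 actually specifies, and all class, function and label names are hypothetical.

```python
import hashlib, hmac, secrets

# Stand-in primitives (assumption): RFC 2759 uses MD4, SHA-1 and DES instead.
def pw_hash(password: str) -> bytes:
    return hashlib.sha256(password.encode("utf-8")).digest()

def mac(key: bytes, label: bytes, *parts: bytes) -> bytes:
    # Length-prefix every field so that field boundaries are unambiguous.
    msg = label + b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

class Server:
    def __init__(self, stored_hashes):
        self.db = stored_hashes            # user name -> password hash, never the password
    def challenge(self):                   # step 1: session identifier + random string
        self.session_id = secrets.token_bytes(1)
        self.rand = secrets.token_bytes(16)
        return self.session_id, self.rand
    def verify(self, user, client_hash, client_rand):
        key = self.db.get(user, b"\x00" * 32)
        expected = mac(key, b"client", self.rand, self.session_id)
        ok = user in self.db and hmac.compare_digest(expected, client_hash)
        # Step 3: proof for the client, bound to the client's own random string.
        proof = mac(key, b"server", client_rand, client_hash) if ok else b""
        return ok, proof

class RogueServer(Server):                 # claims success without holding the hash
    def verify(self, user, client_hash, client_rand):
        return True, secrets.token_bytes(32)

class Client:
    def __init__(self, user, password):
        self.user, self.key = user, pw_hash(password)
    def respond(self, session_id, server_rand):   # step 2: name, hash, random string
        self.rand = secrets.token_bytes(16)
        self.sent = mac(self.key, b"client", server_rand, session_id)
        return self.user, self.sent, self.rand
    def check_server(self, ok, proof):            # step 4: verify the server's response
        expected = mac(self.key, b"server", self.rand, self.sent)
        return ok and hmac.compare_digest(expected, proof)

def run_exchange(server, client):
    """Return (server accepted client, client accepted server)."""
    ok, proof = server.verify(*client.respond(*server.challenge()))
    return ok, client.check_server(ok, proof)
```

With a server that only announces success but cannot produce a valid response to the client's random string, the client refuses the connection; this is the check that one-way CHAP lacks.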

More information

RFC 2433 - Microsoft PPP CHAP Extensions
RFC 2759 - Microsoft PPP CHAP Extensions, Version 2

Original document published on CommentcaMarche.net.

CCM is a leading international tech website. Our content is written in collaboration with IT experts, under the direction of Jeff Pillou, founder of CCM.net. CCM reaches more than 50 million unique visitors per month and is available in 11 languages.


This document, titled "Authentification - Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)," is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (https://ccm.net/).