is the Microsoft
version of the Challenge-handshake authentication protocol
, CHAP. The protocol exist in two versions, MS-CHAPv1 (defined in RFC 2433) and MS-CHAPv2 (defined in RFC 2759). MS-CHAPv2 was introduced with Windows 2000
. Windows Vista
drops support for MS-CHAPv1.
Compared with CHAP, MS-CHAP:
- is enabled by negotiating CHAP Algorithm 0x80 (0x81 for MS-CHAPv2) in LCP option 3, Authentication Protocol
- provides an authenticator-controlled password change mechanism
- provides an authenticator-controlled authentication retry mechanism
- defines failure codes returned in the Failure packet message field
MS-CHAPv2 provides mutual authentication between peers by piggybacking a peer challenge on the Response packet and an authenticator response on the Success packet.
Security Vulnerabilities and Cryptanalysis
- RFC 1994 - PPP Challenge Handshake Authentication Protocol (CHAP)
- RFC 2433 - MS-CHAPv1
- RFC 2548 - RADIUS Encapsulation of MS-CHAPv1 and MS-CHAPv2
- RFC 2759 - MS-CHAPv2