Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) V1 and V2

The Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) was introduced with Windows 2000 machines. It allows for a much stronger security option than CHAP.

MS-CHAP V2 also provides the following additional security features: LAN Manager encoding of responses is no longer supported; two-way authentication verifies the identities of both sides of the connection; and separate cryptographic keys are automatically generated for transmitted data and for received data.

MS-CHAP V2 authentication consists of three messages. They are as follows. The remote access server sends the client a challenge message that consists of two things: the session identifier and an arbitrary challenge string.

The remote access client must then send a response that contains the matching user name, an arbitrary peer challenge string, and a Secure Hash Algorithm (SHA) hash of the received challenge string, the session identifier and the user's password.

This makes for a much more secure connection to the virtual network or server that the user is trying to reach. The main uses are logging in to email client servers and logging in to corporate virtual networks.
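The two-way authentication step described above, as an added example that is not part of the original page: it computes the server's final reply and the client's check of it, following the ChallengeHash and GenerateAuthenticatorResponse routines of RFC 2759. The function names are hypothetical, and the password-derived inputs (the MD4 hash-of-hash and the DES-based 24-byte NT-Response) are supplied from the RFC's published test values so the block needs only SHA-1.

```python
import hashlib
import hmac

# Constants from RFC 2759, GenerateAuthenticatorResponse().
MAGIC1 = b"Magic server to client signing constant"
MAGIC2 = b"Pad to make it do more than one iteration"

# Test values published in RFC 2759 (user "User", password "clientPass").
USERNAME = "User"
AUTH_CHALLENGE = bytes.fromhex("5B5D7C7D7B3F2F3E3C2C602132262628")  # server -> client
PEER_CHALLENGE = bytes.fromhex("21402324255E262A28295F2B3A337C7E")  # client -> server
NT_RESPONSE = bytes.fromhex("82309ECD8D708B5EA08FAA3981CD83544233114A3D85D6DF")
PASSWORD_HASH_HASH = bytes.fromhex("41C00C584BD2D91C4017A2A12FA59F3F")  # MD4(MD4(password))


def challenge_hash(peer_challenge, auth_challenge, username):
    """ChallengeHash(): first 8 bytes of SHA-1 over both challenges and the user name."""
    if len(peer_challenge) != 16 or len(auth_challenge) != 16:
        raise ValueError("challenges must be 16 bytes each")
    data = peer_challenge + auth_challenge + username.encode("ascii")
    return hashlib.sha1(data).digest()[:8]


def authenticator_response(pw_hash_hash, nt_response, peer_challenge,
                           auth_challenge, username):
    """Server's proof, sent in its final message, that it also holds the password hash."""
    if len(pw_hash_hash) != 16 or len(nt_response) != 24:
        raise ValueError("unexpected hash or NT-Response length")
    inner = hashlib.sha1(pw_hash_hash + nt_response + MAGIC1).digest()
    challenge = challenge_hash(peer_challenge, auth_challenge, username)
    outer = hashlib.sha1(inner + challenge + MAGIC2).digest()
    return "S=" + outer.hex().upper()


def client_accepts_server(received, pw_hash_hash, nt_response, peer_challenge,
                          auth_challenge, username):
    """Client side of two-way authentication: recompute, compare in constant time."""
    expected = authenticator_response(pw_hash_hash, nt_response, peer_challenge,
                                      auth_challenge, username)
    return hmac.compare_digest(received.encode("utf-8"), expected.encode("utf-8"))


if __name__ == "__main__":
    reply = authenticator_response(PASSWORD_HASH_HASH, NT_RESPONSE, PEER_CHALLENGE,
                                   AUTH_CHALLENGE, USERNAME)
    print(reply, client_accepts_server(reply, PASSWORD_HASH_HASH, NT_RESPONSE,
                                       PEER_CHALLENGE, AUTH_CHALLENGE, USERNAME))
```

A client that skips this comparison loses the two-way guarantee: it would accept any server that merely issues a challenge.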
