Acronyms: CHAP
See:
· PAP - Password Authentication Protocol
· http://www.ietf.org/rfc/rfc1994
A challenge-response protocol in which the recipient of the challenge can generate a valid response only if it is who it claims to be. The challenge must change continually, without repetition, to prevent replay attacks.
An authentication
protocol where the Verifier sends the Claimant a challenge (usually a random
value or a nonce) that the Claimant combines with a secret (such as by hashing
the challenge and a shared secret together, or by applying a private key
operation to the challenge) to generate a response that is sent to the
Verifier. The Verifier can independently verify the response generated by the
Claimant (such as by re-computing the hash of the challenge and the shared
secret and comparing to the response, or performing a public key operation on
the response) and establish that the Claimant possesses and controls the
secret. [NIST-SP800-63:2013]
(I) A peer entity
authentication method (employed by PPP and other protocols, e.g., RFC 3720)
that uses a randomly generated challenge and requires a matching response that
depends on a cryptographic hash of some combination of the challenge and a
secret key. [R1994] (See: challenge-response, PAP.) [RFC4949:2007]
A three-way authentication protocol defined in RFC 1994. [ISO-18028-4:2005]
A type of
authentication where the person logging in uses secret information and some
special mathematical operations to come up with a number value. The server he
or she is logging into knows the same secret value and performs the same mathematical
operations. If the results match, the person is authorized to access the
server. One of the numbers in the mathematical operation is changed after every
log-in, to protect against an intruder secretly copying a valid authentication
session and replaying it later to log in.
http://www.watchguard.com/glossary/
The
Challenge-Handshake Authentication Protocol uses a challenge/response
authentication mechanism where the response varies every challenge to prevent
replay attacks.
http://www.sans.org/security-resources/glossary-of-terms/
An authentication protocol based on the challenge/response mechanism. CHAP lets a server authenticate a client that holds a shared secret without transmitting that secret (and in this respect improves on the PAP protocol). CHAP proceeds in three steps:
· The server sends the challenge to the client.
· The client uses a one-way hash function to build the response it sends back to the server.
· The server performs the same operation and compares the two results. A match establishes authenticity.
Periodically, these three steps are repeated to guarantee the identity of the parties.
CHAP implements an anti-replay service.
CHAP does not provide mutual authentication (the server is not authenticated by the client).
http://securit.free.fr/glossaire.htm
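The three-step exchange described above, written out as an added example (not code from any of the glossaries cited here). It follows the RFC 1994 MD5 variant of CHAP, where the response is MD5(Identifier || secret || Challenge); the `ChapAuthenticator` class, the constructed shared secret and the helper names are assumptions for illustration. The verifier side discards each challenge once it has been answered and compares digests in constant time, which is what gives CHAP its anti-replay property.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Constructed secret for the example only; a real deployment provisions it out of band.
SHARED_SECRET = b"example-shared-secret"


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Step 2 (client): RFC 1994 CHAP with MD5, Response = MD5(Identifier || secret || Challenge).

    The Identifier is the one-octet field from the Challenge packet; changing it on every
    challenge is part of what makes each response unique.
    """
    if not 0 <= identifier <= 255:
        raise ValueError("CHAP Identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side (assumed helper): issues challenges (step 1) and checks responses (step 3)."""

    def __init__(self, secret: bytes, challenge_len: int = 16) -> None:
        self.secret = secret
        self.challenge_len = challenge_len
        self.identifier = 0
        # Challenges still awaiting a response, keyed by Identifier.
        self.outstanding: Dict[int, bytes] = {}

    def issue_challenge(self) -> Tuple[int, bytes]:
        """Step 1: fresh random challenge and a new Identifier for every authentication."""
        self.identifier = (self.identifier + 1) % 256
        challenge = secrets.token_bytes(self.challenge_len)
        self.outstanding[self.identifier] = challenge
        return self.identifier, challenge

    def verify(self, identifier: int, response: bytes) -> bool:
        """Step 3: recompute the hash over the stored challenge and compare.

        The challenge is removed as soon as it is used, so a captured (Identifier, Response)
        pair cannot be presented a second time; compare_digest avoids timing leaks.
        """
        challenge: Optional[bytes] = self.outstanding.pop(identifier, None)
        if challenge is None:
            return False  # unknown, expired or already-answered challenge
        expected = chap_response(identifier, self.secret, challenge)
        return hmac.compare_digest(expected, response)


def run_exchange(secret_on_peer: bytes) -> bool:
    """One complete three-step CHAP exchange; True only if the peer holds the right secret."""
    auth = ChapAuthenticator(SHARED_SECRET)
    ident, chal = auth.issue_challenge()          # step 1: server -> client
    resp = chap_response(ident, secret_on_peer, chal)  # step 2: client -> server
    return auth.verify(ident, resp)               # step 3: server checks


def replay_is_rejected() -> bool:
    """Anti-replay check: a valid response presented twice must be accepted only once."""
    auth = ChapAuthenticator(SHARED_SECRET)
    ident, chal = auth.issue_challenge()
    resp = chap_response(ident, SHARED_SECRET, chal)
    first = auth.verify(ident, resp)
    second = auth.verify(ident, resp)  # same Identifier/Response again, no new challenge
    return first and not second


if __name__ == "__main__":
    print("correct secret accepted:", run_exchange(SHARED_SECRET))
    print("wrong secret rejected:", not run_exchange(b"not-the-secret"))
    print("replay rejected:", replay_is_rejected())
```

Note that nothing here authenticates the server to the client: as the last definition above says, CHAP in this form is one-way, and the shared secret must be stored in recoverable form on both ends because the server has to recompute the hash.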
Related topics