CHAP or Hash question

CHAP is used to authenticate routers over a PPP WAN link. They don't send the password in clear text but they send an MD5 hash of the password and the other router compares what it receives with the hash of it's own password. If both routers have the same password they will get the same MD5 hash result.

My question is how does this stop someone from packet sniffing and getting the MD5 hash result and then just sending the MD5 hash to one of the routers to authenticate and connect?

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

wastedtime

When a challenge is sent there is a challenge value sent with it that gets hashed with the password. The value is changed for each challenge. Because that value is changed the hashes are always different.

Jackace

wastedtime wrote: »

When a challenge is sent there is a challenge value sent with it that gets hashed with the password. The value is changed for each challenge. Because that value is changed the hashes are always different.

Thank you that is the piece I was missing.