Challenge Handshake Authentication Protocol (CHAP-MD5) uses an algorithm (MD-5) to calculate a value that is known only to the authenticating system and the remote device.
With CHAP, the user ID and the password are always encrypted, so it is a more secure protocol than Password Authentication Protocol (PAP). This protocol is effective against playback and trial-and-error access attempts. CHAP authentication can occur more than once during a connection.
The authenticating system sends a challenge to the remote device that is attempting to connect to the network. The remote device responds with a value that is calculated by a common algorithm (MD-5) that both devices use. The authenticating system checks the response against its own calculation. Authentication is acknowledged when the values match; otherwise, the connection is ended.