The CHAP authentication scheme is used primarily by Point to Point Protocol (PPP) servers as a way to validate the identity of remote clients (perhaps most commonly used by internet service providers). At random time intervals, CHAP verifies the identity of the client by using something known as a three-way handshake. This verification is performed using a credential which is known to both the client and the service (typically the user's password).
After the link between the client and the server (also known as the authenticator) has been established it sends a challenge message to the peer. The peer subsequently responds to the authenticator with a hashed value calculated using the Message Digest (MD5) hashing algorithm. The authenticator checks the client response against its own calculation of the expected hash value. If the two values match, the authenticator acknowledges the authentication. If the values do not match, the connect is terminated. These steps are repeated at random intervals.
It is important to note that Microsoft has also implemented two variants of the Challenge Handshake Authentication Protocol, called MS-CHAP and MS-CHAP-v2.