CHAP stands for Challenge Handshake Authentication Protocol. It is a three-way handshaking authentication protocol that provides more security than PAP (Password Authentication Protocol). In this method, the password is kept secret and it is never sent online. The steps of CHAP are given below:

(i) The system sends to the user a challenge packet containing a challenge value, usually a few bytes.
(ii) The user applies a predefined function that takes the challenge value and the user’s password and creates a result. The user sends the result in a response to the packet.
(iii) The system also applies the same function to the password of the user and the challenge value to create the result. If this result is the same as a result sent in the response packet the access is granted, otherwise the access is denied.


PAP stands for Password Authentication Protocol. It is a simple authentication protocol having the following two steps:

(i) The user sends an authentication identification (usually the user name) and a password.
(ii) The system checks the validity of identification and either accepts or denies the connection.

Note: Password Authentication Protocol is not a secure protocol. A third party can easily pick up the password and access the system resources.