- A. CHAP uses a two-way handshake.
- B. CHAP uses a three-way handshake.
- C. CHAP authentication periodically occurs after link establishment.
- D. CHAP authentication passwords are sent in plaintext.
- E. CHAP authentication is performed only upon link establishment.
- F. CHAP has no protection from playback attacks.
Understanding and Configuring PPP CHAP Authentication
One-Way and Two-Way AuthenticationCHAP is defined as a one-way authentication method. However, you use CHAP in both directions to create a two-way authentication. Hence, with two-wayCHAP, a separate three-way handshake is initiated by each side. In the Cisco CHAP implementation, by default, the called party must authenticate the calling party (unless authentication is completely turned off). Therefore, a one-way authentication initiated by the called party is the minimum possible authentication. However, the calling party can also verify the identity of the called party, and this results in a two-way authentication. One-way authentication is often required when you connect to non-Cisco devices.