The principle of CHAP encryption for industrial routers.
The industrial router's PPP protocol supports CHAP and PAP (Password Authentication Protocol). CHAP is more secure than PAP because of its encrypted communication and timed verification. CHAP stands for Challenge Handshake Authentication Protocol. The receiver encrypts the ID and password from its own database into a value, and then verifies whether that value is consistent with the value calculated by the sender. This is the "challenge handshake" that gives CHAP its name.
CHAP authentication and its characteristics. After CHAP authentication is configured, industrial router 1, which initiates the connection, sends a link establishment request to the peer, industrial router 2, and negotiates the use of CHAP authentication. The authentication process is as follows:
1. Industrial router 2 sends an inquiry message (containing an ID, a random number, and the router name industrial router 2) to industrial router 1;
2. Industrial router 1 queries its own database by the name industrial router 2 in the inquiry message, finds the password it shares with the user industrial router 2, and then uses the ID, random number and name industrial router 2 from the inquiry message together with the shared password to generate a unique MD5 (Message Digest 5) hash value;
3. Industrial router 1 sends the ID and random number from the inquiry message, the hash value, and the name industrial router 1 to industrial router 2;
4. Industrial router 2 uses the ID, random number and name industrial router 2 that it originally sent to industrial router 1, plus the shared password, to generate its own hash value;
5. Industrial router 2 compares its own hash value with the hash value sent by industrial router 1. If the two values are the same, industrial router 2 sends a link establishment response to industrial router 1 (if they differ, the system generates a CHAP failure datagram);
6. The link is established and the connection comes up;
7. Steps 1~6 are repeated after some interval. If industrial router 2 finds on comparison that the two hashes are different, the connection is terminated.
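
The exchange in steps 1 to 7, as an added example that is not part of the original page. It follows RFC 1994, where the hash is MD5 over the ID, the shared password and the random number, and the name is used only to look up the password. The router names, the password and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Constructed sample data: names and shared password are assumptions.
SECRETS_R1 = {"router2": b"shared-password"}  # router 1's database, keyed by peer name
SECRETS_R2 = {"router1": b"shared-password"}  # router 2's database, keyed by peer name


def chap_hash(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def make_challenge(ident: int, name: str) -> dict:
    """Step 1: the authenticator sends an ID, a fresh random number and its name."""
    return {"id": ident & 0xFF, "random": os.urandom(16), "name": name}


def make_response(challenge: dict, my_name: str, secrets: dict) -> dict:
    """Steps 2-3: look up the password by the challenger's name, hash, reply."""
    secret = secrets[challenge["name"]]
    value = chap_hash(challenge["id"], secret, challenge["random"])
    return {"id": challenge["id"], "hash": value, "name": my_name}


def verify(challenge: dict, response: dict, secrets: dict) -> bool:
    """Steps 4-5: recompute from the values originally sent, then compare."""
    secret = secrets.get(response["name"])
    if secret is None or response["id"] != challenge["id"]:
        return False
    expected = chap_hash(challenge["id"], secret, challenge["random"])
    return hmac.compare_digest(expected, response["hash"])  # constant-time compare


def demo() -> tuple:
    c1 = make_challenge(1, "router2")
    r1 = make_response(c1, "router1", SECRETS_R1)
    ok = verify(c1, r1, SECRETS_R2)                   # matching password
    c2 = make_challenge(2, "router2")                 # step 7: periodic re-challenge
    replayed = verify(c2, dict(r1, id=2), SECRETS_R2)  # old hash against new challenge
    bad = make_response(c2, "router1", {"router2": b"wrong-password"})
    return ok, replayed, verify(c2, bad, SECRETS_R2)


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

Because every challenge carries a new random number, the hash captured from the first round does not verify in the second, which is what the repeated check in step 7 relies on.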