Principle of CHAP Protocol of Industrial Router
The industrial router's PPP implementation supports both CHAP and PAP (Password Authentication Protocol). CHAP is more secure than PAP because the credentials are not sent in plaintext and the peer is verified repeatedly. CHAP is commonly known as the challenge handshake protocol: the receiver computes a value from the ID and password held in its own database, and then checks whether that value matches the value calculated by the sender.
Authentication and characteristics of CHAP protocol
After CHAP authentication has been configured, Industrial Router 1 initiates a connection by sending a link establishment request to the peer, Industrial Router 2, and the two negotiate and agree to use CHAP authentication. The authentication process is as follows:
1. Industrial Router 2 sends a challenge message (containing an ID, a random number, and the router name Industrial Router 2) to Industrial Router 1;
2. Using the name Industrial Router 2 from the challenge message, Industrial Router 1 searches its own database for the password it shares with the user Industrial Router 2, and then uses the ID, random number, and name Industrial Router 2 from the challenge message together with the shared password to generate a unique MD5 (Message Digest 5) hash value;
3. Industrial Router 1 sends the ID, random number, hash value and name from the challenge message to Industrial Router 2;
4. Industrial Router 2 generates its own hash value using the ID, random number, and name Industrial Router 2 that it originally sent to Industrial Router 1, plus the shared password;
5. Industrial Router 2 compares its own hash value with the hash value sent by Industrial Router 1. If the two values are the same, Industrial Router 2 sends a link establishment response to Industrial Router 1 (if they are different, the system generates a CHAP failure datagram);
6. The link is established and the connection comes up;
7. Steps 1-6 are repeated after a period of time. If Industrial Router 2 finds that the two hash values are different, the connection is terminated.
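The handshake above can be modelled end to end. The following is an added example, not code from the router or its vendor; its hash input follows RFC 1994 (identifier, shared secret, challenge value), with the name used only to look up the secret. The class and function names, router name string and shared secret are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample database: shared secret keyed by the challenger's name.
SECRETS = {"IndustrialRouter2": b"constructed-shared-secret"}

def chap_md5(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class Authenticator:
    """Plays Industrial Router 2: issues challenges and verifies responses."""
    def __init__(self, name: str, secret: bytes):
        self.name, self.secret = name, secret
        self.ident, self.challenge = 0, None

    def new_challenge(self):
        self.ident = (self.ident + 1) % 256   # identifier changes every round
        self.challenge = os.urandom(16)       # fresh, unpredictable random value
        return self.ident, self.challenge, self.name

    def verify(self, ident: int, value: bytes) -> bool:
        if self.challenge is None or ident != self.ident:
            return False                      # no outstanding challenge, or stale ID
        expected = chap_md5(self.ident, self.secret, self.challenge)
        self.challenge = None                 # accept one response per challenge
        return hmac.compare_digest(expected, value)  # constant-time comparison

def peer_respond(challenge_msg, secrets):
    """Plays Industrial Router 1: looks up the secret by name, returns (ID, hash)."""
    ident, challenge, name = challenge_msg
    return ident, chap_md5(ident, secrets[name], challenge)

def run_demo():
    auth = Authenticator("IndustrialRouter2", SECRETS["IndustrialRouter2"])
    first = peer_respond(auth.new_challenge(), SECRETS)
    ok = auth.verify(*first)                        # steps 1-6: hashes match
    auth.new_challenge()                            # step 7: periodic re-challenge
    replay_ok = auth.verify(auth.ident, first[1])   # old hash does not fit new round
    bad = peer_respond(auth.new_challenge(), {"IndustrialRouter2": b"wrong"})
    wrong_ok = auth.verify(*bad)                    # wrong secret: CHAP failure
    return ok, replay_ok, wrong_ok

if __name__ == "__main__":
    print(run_demo())
```

Because each round uses a new identifier and random value, a hash captured from an earlier round fails the periodic re-check in step 7.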