Challenge-Handshake Authentication Protocol
CHAP authenticates a user by having the server send a random challenge that the client answers with a hash combining the challenge and a shared secret. The password itself never crosses the wire, and repeated challenges resist replay attacks. It originated with dial-up PPP links and its ideas live on in protocols like MS-CHAPv2.